security

Oops, No Victims: The Largest Supply Chain Attack Stole 5 Cents

0xbitcoiner

> #### Remediation
>
> If you are a package maintainer, there are a few ways you can check if you have been impacted, including:
> 
> - Checking your local node_modules to see if it contains the malware: grep -R 'checkethereumw'
> - Checking your npm cache with [this script](https://gist.github.com/phxgg/737198b6e945aba7046e9f9328576271) by phxgg
> - Checking your project with [this script](https://github.com/AndrewMohawk/RandomScripts/blob/main/scan_for_deps_qix-2025-08-09.sh) by AndrewMohawk
>
> If you are a user, make sure you are double checking any transactions you are signing to make sure the addresses are correct. For more information, you can refer to the [SEAL Framework](https://frameworks.securityalliance.org/wallet-security/signing-verification.html) on signing and verifying transactions.