Pickpocketing your crypto wallets

I can’t say I’ve ever seen an attack on crypto, on digital sovereignty itself, of this magnitude. It blows my mind to imagine how many people may have been robbed in just a few hours.


The problem with news like this is that it gets too technical, and most people tune it out. “That’s for nerds,” they say. But this time it affects us all, and we should understand exactly how it happened — and how to protect ourselves.

The order of events is still a little murky, and I’ll admit I don’t fully buy the idea that the maintainer who was “hacked” is completely innocent. Something about it smells fishy, and I know fish — I live next to the ocean.

So what happened? A package maintainer (that’s what you call them, right?) got phished, and a hacker slipped malware into his npm account. That malicious code was published as new versions of some incredibly popular JavaScript packages. Unsuspecting developers, just doing their normal updates, pulled the poisoned versions right into their projects.

The list is long — 18 packages in total. And no, it wasn’t caught in time. For a short window, apps were shipping malware. The way it worked was nasty: if your wallet or app had one of these infected packages in its guts, it could intercept your crypto transactions. You’d think you were sending tokens to Alice — but the package would silently swap the address and send them to the attacker instead.

It was @spiritsurge who first raised the alarm. At first I thought I was safe. But the more I read, the more uneasy I felt. What if I wasn’t good?

So I audited my stuff — and sure enough, I had one of the compromised packages. How delightful.

In my case it was ansi-styles, usually just a boring little helper that adds color to terminal text. But the hijacked version wasn’t harmless. It sat there watching for window.fetch or XMLHttpRequest calls, waiting to hijack wallet interactions. Thankfully, Snapie doesn’t handle wallet functions, so we dodged the bullet.

Still — crazy few days. I wish I could say the person who did this will face real consequences, but it doesn’t look like that’s happening.

Another round in the timeless battle between good and evil.

MenO
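The kind of audit described in the post can be run against a project's lockfile. The sketch below is an added example, not the author's code or any npm tooling; it assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3), and the deny-list version is a placeholder because the post does not list the compromised version numbers.

```javascript
// Deny list: package name -> flagged versions.
// PLACEHOLDER version string; take the real ones from the incident advisory.
const FLAGGED = {
  'ansi-styles': ['0.0.0-FLAGGED'],
};

// Constructed sample of a parsed package-lock.json. In a real project:
//   JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/chalk': { version: '5.0.0' },
    'node_modules/ansi-styles': { version: '6.0.0' },
    // Nested copy pulled in by a dependency: easy to miss in package.json.
    'node_modules/chalk/node_modules/ansi-styles': { version: '0.0.0-FLAGGED' },
    'node_modules/@scope/ansi-styles-extra': { version: '1.0.0' },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b" (handles nested and scoped installs).
function packageNameFromPath(path) {
  const marker = 'node_modules/';
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

// Report every installed copy of a watched package, including transitive ones,
// and mark the copies whose version is on the deny list.
function auditLockfile(lock, flagged) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Aliased installs carry an explicit "name"; otherwise derive it from the path.
    const name = meta.name || packageNameFromPath(path);
    if (!name || !Object.prototype.hasOwnProperty.call(flagged, name)) continue;
    findings.push({
      name,
      version: meta.version,
      path,
      flagged: flagged[name].includes(meta.version),
    });
  }
  return findings;
}

for (const f of auditLockfile(SAMPLE_LOCK, FLAGGED)) {
  console.log(`${f.flagged ? 'FLAGGED' : 'ok     '} ${f.name}@${f.version} (${f.path})`);
}
```

Because the lockfile records every installed copy, this catches a flagged version that arrives as a dependency of a dependency, which is how a helper like ansi-styles usually ends up in a project.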



7 comments

Yet another example of why I don't believe that crypto is a solution for currency.


Believe it or not, Hive and HBD were pretty safe from this attack. ;)

They've already identified some of the hackers' wallets and will blacklist them from exchanges.


Oh crap! You got me scared here for a second... That is a genius way to sneak into crypto. People get more inventive by the day, and criminals are never far behind.


That’s really scary to read about. It shows how even trusted packages can be targeted, and how careful developers need to be. Staying alert and double-checking sources is so important when it comes to protecting digital assets.


Here's the kicker though, the hacker made a grand total of $285 lol. Biggest hack in history with shit returns.
