SEAL reveals: Massive NPM crypto attack caused minimal damage, stealing under $50, a surprising outcome.

A recent large-scale attack on JavaScript libraries distributed through the Node Package Manager (NPM) reportedly resulted in the theft of less than $50 worth of cryptocurrency. The attack targeted Ethereum and Solana wallets.

Hackers managed to breach the NPM account of a prominent software developer and inject malware into widely used JavaScript libraries. The malicious code was designed to target cryptocurrency wallets.

NPM is a popular open-source repository used in JavaScript development. It allows developers to share and reuse code packages, streamlining the development process. However, this also makes it a potential target for supply chain attacks, where malicious code is injected into legitimate packages.

In a similar incident from late 2024, hundreds of malicious packages were uploaded to NPM, targeting cryptocurrency developers. These packages had names similar to legitimate libraries used in cryptocurrency development. If a developer made a common misspelling while searching for a library, they might inadvertently download a malicious package. These malicious packages would connect to a hidden server, download a second-stage payload, and infect the developer's computer, potentially stealing cryptocurrency from the developer or their users.

Another attack that occurred in August 2025 involved a threat actor releasing malicious updates to an NPM package for a tool called Nx, which is popular among developers. The compromised versions of Nx included a malicious script that exploited local AI command-line interface (CLI) tools. These tools would scan the infected system for sensitive files, such as GitHub and NPM tokens, SSH keys, environment variables, and cryptocurrency wallet data. The stolen information would then be encoded and saved into a single file. This attack was notable as the first known instance of malware using developer-facing AI CLI tools to steal data. The malicious package versions were live for only a short period before being taken down, but thousands of developers may have been exposed.

These incidents highlight the importance of software supply chain security. Developers should exercise caution when using open-source libraries and continuously monitor them for updates and vulnerabilities.


Written By
Lakshmi Singh is an emerging journalist with a strong commitment to ethical reporting and a flair for compelling narratives, coupled with a deep passion for sports. Fresh from her journalism studies, Lakshmi is eager to explore topics from social justice to local governance. She's dedicated to rigorous research and crafting stories that not only inform but also inspire meaningful dialogue within communities, all while staying connected to the world of sports.
© 2025 DailyDigest360