An escalating npm supply chain attack has compromised dozens of foundational JavaScript packages to spread malware and drain crypto wallets.
The attack, initiated via a simple phishing email, compromised npm packages accounting for over two billion combined weekly downloads. It has now escalated to compromise a second high-profile developer account.
The initial assault, which security firm Aikido first detected on 8 September 2025, targeted a single prolific maintainer. The developer was tricked by a phishing email sent from the fraudulent domain npmjs.help, which had been registered just three days before the attack. The email, posing as a legitimate npm support request, compromised the maintainer’s account and allowed the attackers to publish malicious versions of 18 widely used packages.
The breach affected packages that are fundamental building blocks for countless web projects, including chalk (300 million weekly downloads), debug (357 million), strip-ansi (261 million), and ansi-styles, which alone is downloaded over 371 million times a week.
The compromised developer acknowledged the breach, stating: “I’m the maintainer of chalk, and 17 other of the affected packages. I was the victim of phishing.” The developer began removing the malicious versions before the attackers revoked his access to the account.
Just as the community was dealing with this breach, the attackers struck again. Early this morning (9 September 2025) the same campaign compromised the duckdb_admin account, responsible for the popular DuckDB analytical database packages, confirming this is a coordinated assault on the open-source ecosystem.
While devastating, this npm supply chain attack follows a classic pattern
Security experts note that this incident, while shocking in its scale, follows a well-established and dangerous attack pattern.
Ilkka Turunen, Field CTO at software supply chain security firm Sonatype, commented: “What we are seeing unfold with the npm packages chalk and debug is an unfortunately common instance today in the software supply chain.
“All the components published by a single developer were compromised following an account takeover. These packages, including chalk, debug and 16 others collectively get about two billion weekly downloads, indicating a large-scale impact.”
Turunen warned that while this particular payload was designed for crypto theft, the underlying strategy is a favoured tool of advanced persistent threat (APT) groups like Lazarus. He explained that these groups deliberately target popular but often under-resourced open-source projects to gain a foothold into target organisations.
“The malicious payload was focused on crypto theft, but this takeover follows a classic attack that is now established—by taking over popular open source packages, adversaries can steal secrets, leave behind backdoors and infiltrate organisations,” Turunen explained.
“We have seen this strategy become a key tool for adversaries to gain initial access.”
Malware designed to drain crypto wallets
In both npm supply chain attacks, the goal was to distribute sophisticated malware to drain crypto wallets. The malicious code is a browser-based interceptor that hijacks core web functions to steal cryptocurrency.
It works by injecting itself into the browser environment and hooking into network requests like fetch and XMLHttpRequest, in addition to common crypto wallet APIs such as window.ethereum and Solana interfaces. This allows it to silently monitor all web traffic and wallet activity for sensitive data.
When the malware detects a transaction, it scans for wallet addresses and rewrites the destination to an attacker-controlled address before the user signs it.
To evade detection, the malware uses “lookalike” addresses and avoids making obvious changes in the user interface, meaning a user could see what appears to be a correct transaction while their funds are being redirected in the background.
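The hooking described above can be checked for from the defender's side. The following is an added example, not code from the article or from any affected project: it asks whether the APIs the payload wraps (fetch, XMLHttpRequest, the window.ethereum provider) still resolve to native implementations, since a JavaScript wrapper installed by injected code reveals its own source through Function.prototype.toString. The fake window object at the end is constructed for demonstration.

```javascript
// Added example (not from the article). Dotted paths, relative to the global
// object, of the APIs the injected payload is reported to hook.
const HOOK_TARGETS = [
  'fetch',
  'XMLHttpRequest.prototype.open',
  'XMLHttpRequest.prototype.send',
  'ethereum.request', // window.ethereum (EIP-1193 wallet provider)
];

// Walks a dotted path such as "XMLHttpRequest.prototype.open" from root.
function resolvePath(root, path) {
  return path.split('.').reduce((obj, key) => (obj == null ? undefined : obj[key]), root);
}

// True when the engine reports the function as native. Caveats: malware can
// also hook Function.prototype.toString itself, and bound functions print
// "[native code]" too, so this is one signal, not proof of integrity.
function isNativeFunction(fn) {
  if (typeof fn !== 'function') return false;
  return /\{\s*\[native code\]\s*\}\s*$/.test(Function.prototype.toString.call(fn));
}

// Returns the targets that exist in `root` but are no longer native code.
function findHookedApis(root, targets = HOOK_TARGETS) {
  const hooked = [];
  for (const path of targets) {
    const fn = resolvePath(root, path);
    if (fn === undefined) continue; // API not present in this environment
    if (!isNativeFunction(fn)) hooked.push(path);
  }
  return hooked;
}

// Constructed demonstration: a fake window in which fetch has been wrapped.
const nativeLike = Array.prototype.push; // stands in for an untouched native API
const fakeWindow = {
  fetch: function (...args) { return nativeLike.apply(this, args); }, // wrapper
  XMLHttpRequest: { prototype: { open: nativeLike, send: nativeLike } },
  ethereum: { request: nativeLike },
};

console.log('hooked APIs:', findHookedApis(fakeWindow)); // prints [ 'fetch' ]
```

In a real page call `findHookedApis(window)` from the browser console or a content script; note that Node's built-in fetch is implemented in JavaScript rather than native code, so the check is meaningful only in a browser.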
The link between the two waves of the attack is undeniable. Analysis of the malicious payload from both incidents shows the exact same obfuscated code. In particular, both contain a highly specific and recognisable block of regular expressions used to identify and replace wallet addresses across numerous blockchains. This identical code signature confirms both incidents are part of the same focused campaign.
Latest npm supply chain attack spreads to DuckDB
The second phase of the attack targeting crypto wallets compromised the duckdb_admin account, leading to the publication of several more malicious packages earlier today.
According to findings by Socket, these included duckdb@1.3.3, with around 149,000 weekly downloads, and @duckdb/duckdb-wasm@1.29.2, which is downloaded approximately 65,000 times a week. Other core packages like @duckdb/node-api@1.3.3 and @duckdb/node-bindings@1.3.3 were also compromised.
While these packages have since been deprecated by npm, some remained live for hours, posing a serious risk to any developers who updated their dependencies during that window.
Remediation and protecting your crypto wallets
This npm attack is a stark reminder of the fragility of the software supply chain, where the compromise of a single developer through social engineering can have a cascading impact on millions of downstream projects.
Developers and organisations are urged to take immediate precautions. First, check all projects for the compromised package versions. It is essential to clean your npm cache and reinstall all dependencies to ensure malicious code is purged.
Above all, ensure you are using a package lock file (package-lock.json) and pinning dependencies to known safe versions to prevent accidental upgrades to malicious releases.
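Checking a project for the compromised versions can be automated against the lock file. The following is an added example, not code from the article or from npm: it walks a package-lock.json (both the lockfileVersion 2/3 `packages` map and the older `dependencies` tree) and reports any installed name@version pair on a block list. The DuckDB entries are the versions named in the article; the chalk entry is a labelled placeholder, since the article does not give the affected chalk/debug version numbers. The sample lock file is constructed.

```javascript
// Added example (not from the article or from npm). Block list of
// name@version pairs; DuckDB entries are from the article, the chalk entry
// is a placeholder to be replaced with the version from the advisory.
const COMPROMISED = new Set([
  'duckdb@1.3.3',
  '@duckdb/duckdb-wasm@1.29.2',
  '@duckdb/node-api@1.3.3',
  '@duckdb/node-bindings@1.3.3',
  'chalk@<AFFECTED_VERSION>', // placeholder, not a real version
]);

// Collects every installed name@version from a parsed package-lock.json.
function collectInstalled(lock) {
  const found = [];
  if (lock.packages) {
    // lockfileVersion 2/3: keys are install paths, nested ones contain
    // several "node_modules/" segments; the package name follows the last.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path || !meta.version) continue; // "" is the root project itself
      const marker = 'node_modules/';
      const name = path.slice(path.lastIndexOf(marker) + marker.length);
      found.push(`${name}@${meta.version}`);
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested dependency tree.
    const walk = (deps) => {
      for (const [name, meta] of Object.entries(deps)) {
        if (meta.version) found.push(`${name}@${meta.version}`);
        if (meta.dependencies) walk(meta.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return found;
}

// Returns the installed pairs that appear on the block list.
function findCompromised(lockText, blocklist = COMPROMISED) {
  return collectInstalled(JSON.parse(lockText)).filter((pkg) => blocklist.has(pkg));
}

// Constructed sample lock file: a safe top-level duckdb plus a transitive,
// compromised @duckdb/node-api pulled in by another dependency.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/duckdb': { version: '1.3.2' },
    'node_modules/some-tool': { version: '2.0.0' },
    'node_modules/some-tool/node_modules/@duckdb/node-api': { version: '1.3.3' },
  },
});

const hits = findCompromised(SAMPLE_LOCK);
console.log(hits.length ? `compromised: ${hits.join(', ')}` : 'no compromised versions found');
```

To audit a real project, pass the contents of its package-lock.json to `findCompromised` in place of SAMPLE_LOCK; a hit means the cache should be cleared and dependencies reinstalled at pinned, known-good versions.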
Turunen advises a more thorough approach for corporate environments, saying that it’s “key organisations investigate their SBOMs for these affected versions and treat any machine found with them as compromised.”
Crypto users, meanwhile, are advised not to make any on-chain transactions using their software wallets until the dust has settled on this latest npm supply chain attack.