TechFlow, September 9 — Scam Sniffer reported that renowned developer qix fell victim to a phishing attack, resulting in malicious code being injected into npm packages, including chalk, strip-ansi, and color-convert. The attack involves hooking wallet functions, tampering with ETH/SOL transaction recipient addresses, and replacing addresses within network responses. Users are advised to always verify the recipient address and amount in their wallet interface, check for changes after pasting an address, review recent transactions, and prioritize using hardware wallets for high-value operations.
Charles Guillemet, CTO of Ledger, stated that these compromised packages have been downloaded over one billion times, indicating potential risks across the entire JavaScript ecosystem. The malicious code can silently replace cryptocurrency addresses during transactions to steal funds. Hardware wallet users can mitigate risks by verifying transaction signatures; non-hardware wallet users are advised to temporarily suspend on-chain activities. It remains unclear whether seed phrases have been compromised.
