NPM Hack Exposes Crypto Apps to Silent Wallet Address Swaps
Key Takeaways
- A phishing scam led to 18 NPM packages being altered to hijack wallet addresses in crypto apps using automatic updates;
- Ledger’s CTO warned that one line of bad code in a software wallet or exchange can lead to total loss of user funds;
- TON’s CTO advised devs to check for compromised versions and rebuild apps if affected, as several blockchains were targeted.
Charles Guillemet, Chief Technology Officer at Ledger, pointed to a recent Node Package Manager (NPM) library attack as a reminder of the risks tied to software wallets and crypto exchanges.
He warned that funds stored on these platforms could be lost through a single line of compromised code. According to Guillemet, software-based systems remain vulnerable to supply chain attacks, where malicious updates enter through trusted tools.
The breach began when attackers sent a phishing email disguised as a message from NPM support. This led to stolen developer credentials, which were used to publish altered versions of widely used packages such as chalk, debug, and strip-ansi.
This code worked by switching out wallet addresses in network traffic. When an app communicated with a blockchain, the malicious code would replace the destination address with one controlled by the attacker.
Anatoly Makosov, CTO of The Open Network (TON), explained that the attackers tampered with specific releases, 18 versions in total. He noted that apps were at the highest risk if they integrated the affected packages within hours of their release or if they used systems that automatically update dependencies.
Makosov encouraged developers to check whether these versions were present. He also shared a checklist for developers to help identify whether their applications were impacted.
If any of the 18 compromised library versions were in use, the project should be treated as affected.
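One way to run that check is against the project's lockfile, which records every direct and transitive package version actually installed. The script below is an added example, not Makosov's checklist or code from the affected projects; the denylisted versions are placeholders because the article does not list them, and `findAffected`, `DENYLIST` and the sample lockfile are constructed for illustration.

```javascript
// Versions below are PLACEHOLDERS: replace with the versions named in the advisory.
const DENYLIST = new Map([
  ["chalk", ["0.0.0-PLACEHOLDER"]],
  ["debug", ["0.0.0-PLACEHOLDER"]],
  ["strip-ansi", ["0.0.0-PLACEHOLDER"]],
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b" (lockfile v2/v3 keys)
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// Returns every installed copy, direct or transitive, that matches the denylist.
function findAffected(lock, denylist = DENYLIST) {
  const hits = [];
  const check = (name, version, where) => {
    if ((denylist.get(name) || []).includes(version)) hits.push({ name, version, where });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "name" is set for aliases
    for (const [key, entry] of Object.entries(lock.packages)) {
      check(entry.name || nameFromPath(key), entry.version, key);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        const where = trail ? `${trail} > ${name}` : name;
        check(name, entry.version, where);
        walk(entry.dependencies, where);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile (not real data)
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "wallet-app", version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.0-PLACEHOLDER" },
    "node_modules/debug": { version: "1.2.3" },
    "node_modules/logger/node_modules/strip-ansi": { version: "0.0.0-PLACEHOLDER" },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```

To scan a real project, pass the parsed contents of its `package-lock.json` to `findAffected`; the `where` field shows which dependency path pulled in each match.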