flower-shilling

PSA warning: caveat emptor crypto traders

Smithys Bullion - FINE GOLD AND SILVER
pmbug

pmbug

Precious Metals Bug
Silveroo
Rating - 0%
0   0   0
🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.

The malicious payload works by silently swapping crypto addresses on the fly to steal funds.

If you use a hardware wallet, pay attention to every transaction before signing and you're safe.

If you don’t use a hardware wallet, refrain from making any on-chain transactions for now.

It’s still unclear whether the attacker is also stealing seeds from software wallets directly at this stage.
Click to expand...



Wow! The entire crypto space (ie. just about every browser based wallet, extension or website) may be at risk as JavaScript itself suffers a hack injecting malicious code designed to hijack transactions for Bitcoin (BTC), Ethereum (ETH), Solana (SOL), Tron (TRX), Litecoin (LTC), and Bitcoin Cash (BCH).
 
pmbug said:


Wow! The entire crypto space (ie. just about every browser based wallet, extension or website) may be at risk as JavaScript itself suffers a hack injecting malicious code designed to hijack transactions for Bitcoin (BTC), Ethereum (ETH), Solana (SOL), Tron (TRX), Litecoin (LTC), and Bitcoin Cash (BCH).
Click to expand...

I immediately checked all my Gold & Silver, but couldn't see any signs of " injected malicious code ".

I will keep my stack isolated for the time being, just in case.

:ROFLMAO:
 
ANYTHING & EVERTHING Invented/Constructed/Implemented by Man can Hacked/Twisted/Destroyed by Man.

Gold & Silver are Natural Creations, not of Man.

So long after Civilization & Man crumble back into the Dust, the Gold & Silver will still Be, just as they always were.

:cool:
 
Update on the NPM attack: The attack fortunately failed, with almost no victims.

It began with a phishing email from a fake npm support domain that stole credentials and gave attackers access to publish malicious package updates. The injected code targeted web crypto activity, hooking into Ethereum, Solana and other chains to hijack transactions, and replacing wallet addresses directly in network responses.

The attackers’ mistakes caused crashes in CI/CD pipelines, which led to early detection and limited impact. Still, this is a clear reminder: if your funds sit in a software wallet or on an exchange, you’re one code execution away from losing everything. Supply chain compromises remain a powerful malware delivery vector, and we’re also seeing more targeted attacks emerge.

Hardware wallets are built to withstand these threats. Features like Clear Signing let you confirm exactly what’s happening, and Transaction Checks flag suspicious activity before it’s too late.

The immediate danger may have passed, but the threat hasn’t. Stay safe.
Click to expand...


View: https://x.com/P3b7_/status/1965336272550899932
 
You must log in or register to reply here.
Back
Top