The dependency pathway now correctly references the secured version of the targeted package. The harmful version was published at 13:16 UTC and seems to have been removed.

🔐 It's important to check transactions before approving them. Look for platforms, wallets, and tools that facilitate careful verification of transaction details.

🚨 A major supply chain attack is underway: a trusted developer’s NPM account was compromised. The affected packages have been downloaded over a billion times, posing a potential risk to the entire JavaScript ecosystem.

The harmful payload covertly swaps crypto addresses to redirect funds.

When using a hardware wallet, ensure careful review before signing to remain protected.

If you don’t have a hardware wallet, it’s advisable to avoid on-chain transactions for now.

It’s uncertain if the attacker is also extracting seeds directly from software wallets at this point.

Full report available here: [link]