9-9-2025 – Renowned developer Qix has been targeted in a phishing attack, leading to malicious code being injected into popular npm packages, including chalk, strip-ansi, and color-convert, according to a security alert from npm. The attack, first reported by BleepingComputer, manipulated wallet functions to alter Ethereum (ETH) and Solana (SOL) transaction recipient addresses and tampered with network response data. This sophisticated exploit aimed to redirect funds by swapping legitimate addresses with attacker-controlled ones.
The affected packages, widely used in JavaScript development, pose a significant risk to developers and users who rely on these libraries for blockchain-related applications. Security experts estimate that thousands of projects may be impacted due to the packages’ extensive adoption. Users are urged to verify recipient addresses and transaction amounts on wallet interfaces, check for unexpected address changes after pasting, and review recent transactions for anomalies.
For high-value operations, experts recommend using hardware wallets to mitigate risks. The npm team has removed the compromised package versions and is working with Qix to secure the affected repositories, but the incident highlights ongoing vulnerabilities in open-source ecosystems.
