BlockBeats News, September 9th: In response to the “NPM Supply Chain Attack” incident, OKX Wallet stated that OKX always prioritizes system security and strictly controls the risk of third-party component usage throughout the product development and deployment process. After internal investigation and assessment, OKX’s Android and iOS apps, which are built on native frameworks, do not have any related security risks; OKX’s plugins, Web applications, and mobile DApp browsers did not use affected versions of third-party components. All platform services are operating normally, and users can continue to use them with peace of mind.
It is reported that the attacker used a phishing email (disguised as npmjs support) to steal developer qix’s NPM account credentials, and then injected malicious code into 18 popular JavaScript packages released by qix (including chalk, debug-js, etc., with over 2 billion weekly downloads). This attack is considered the largest-scale supply chain attack in history.
It is worth noting that the malicious code did not attempt to implant a Trojan or steal files in the local environment but specifically targeted the Web3 scenario: if it detects the presence of window.ethereum in the browser environment, it will hijack transaction requests. The malicious code alters Ethereum and Solana transaction requests in the browser by redirecting funds to an attacker-controlled address (such as Ethereum address 0xFc4a4858…) and steals assets by replacing the encrypted address in the JSON response. Although the page displays the correct transaction address, the actual funds are transferred to the attacker’s address.
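The mismatch described above, between the address the page displays and the address in the request that is actually submitted, can be caught by decoding the recipient from the outgoing transaction parameters. The following is an added example, not code from OKX or from the original report; the function names and sample addresses are constructed, and it assumes the check runs where the page's scripts cannot modify it, such as a wallet's confirmation step.

```javascript
// Added example; function names and sample addresses are constructed.
// ERC-20 selectors and the index of the argument that receives funds or allowance.
const SELECTORS = {
  "a9059cbb": { name: "transfer", arg: 0 },     // transfer(address,uint256)
  "095ea7b3": { name: "approve", arg: 0 },      // approve(address,uint256)
  "23b872dd": { name: "transferFrom", arg: 1 }, // transferFrom(address,address,uint256)
};

function normalize(addr) {
  if (typeof addr !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(addr)) {
    throw new Error("not a 20-byte hex address: " + addr);
  }
  return addr.toLowerCase();
}

// Who actually receives value or allowance from eth_sendTransaction params.
function effectiveRecipient(tx) {
  const data = (tx.data || "0x").toLowerCase().replace(/^0x/, "");
  const known = SELECTORS[data.slice(0, 8)];
  if (!known) {
    // Plain transfer or unrecognised call: tx.to is the only recipient we can assert.
    return { kind: data.length ? "call" : "native", recipient: normalize(tx.to) };
  }
  const start = 8 + 64 * known.arg;
  const word = data.slice(start, start + 64);
  // An ABI-encoded address is one 32-byte word: 12 zero bytes, then 20 address bytes.
  if (word.length !== 64 || !/^0{24}/.test(word)) throw new Error("malformed calldata");
  return { kind: known.name, recipient: normalize("0x" + word.slice(24)), token: normalize(tx.to) };
}

// Compare the recipient shown to the user with the one encoded in the request.
function checkRequest(displayedRecipient, tx) {
  const actual = effectiveRecipient(tx);
  return { ok: actual.recipient === normalize(displayedRecipient), ...actual };
}

// Constructed sample data: the UI shows SAMPLE_SHOWN, the calldata pays SAMPLE_OTHER.
const SAMPLE_SHOWN = "0x" + "11".repeat(20);
const SAMPLE_OTHER = "0x" + "22".repeat(20);
const SAMPLE_TOKEN = "0x" + "33".repeat(20);
const SAMPLE_TRANSFER_DATA =
  "0xa9059cbb" + "0".repeat(24) + "22".repeat(20) + "0".repeat(63) + "1";

console.log(checkRequest(SAMPLE_SHOWN, { to: SAMPLE_TOKEN, data: SAMPLE_TRANSFER_DATA }));
```

For token transfers the `to` field is the token contract, so a comparison against `to` alone would miss a recipient swapped inside the calldata; that is why the example decodes the argument word.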


