Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Summary: Security researchers have identified several hijacked cryptocurrency packages on the npm registry that have been modified to harvest sensitive information from compromised systems. These packages, some of which have been in existence for over 9 years, contain obfuscated scripts that exfiltrate data to a remote server. The incident highlights significant vulnerabilities in software supply chains and the importance of robust security measures such as two-factor authentication for npm maintainers.

Affected: npm registry packages including country-currency-map, bnb-javascript-sdk-nobroadcast, and others.

Key points:

  • Several cryptocurrency packages on npm have been hijacked to steal sensitive information.
  • The hijacked packages include legitimate tools used by blockchain developers for years.
  • Obfuscated scripts included in the latest package versions are designed to exfiltrate data like API keys to a remote server.
  • The incident raises questions regarding the security of npm maintainer accounts, potentially compromised through credential stuffing.
  • There is a critical need for improved supply chain security measures and vigilance around third-party dependencies.
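A lockfile check for the packages named under "Affected", as an added example that is not code from the original report. It assumes npm's `package-lock.json` layout (the `packages` map in lockfile versions 2 and 3, the nested `dependencies` tree in version 1); the sample lockfile, its dependency names, and its version strings are constructed. Because the report gives no affected version numbers, every hit is reported with its version for manual review.

```javascript
// Added example: flag lockfile entries for packages named in this report.
// Only the two names the page gives are listed; its "and others" is not expanded.
const WATCHLIST = new Set(["country-currency-map", "bnb-javascript-sdk-nobroadcast"]);

// Package name from a v2/v3 "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b". Root key "" -> null.
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Returns [{name, version, location}] for every watchlisted install, nested ones included.
function findWatchlisted(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = meta.name || nameFromPath(path); // meta.name is set for aliased installs
      if (name && WATCHLIST.has(name)) hits.push({ name, version: meta.version, location: path });
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree, so transitive copies need a walk.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (WATCHLIST.has(name)) {
        hits.push({ name, version: meta.version, location: [...trail, name].join(" > ") });
      }
      walk(meta.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (v3); dependency names and versions are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-dep": { version: "0.0.0-constructed" },
    "node_modules/country-currency-map": { version: "0.0.0-constructed" },
    "node_modules/example-dep/node_modules/bnb-javascript-sdk-nobroadcast": { version: "0.0.0-constructed" },
    "node_modules/cc-alias": { name: "country-currency-map", version: "0.0.0-constructed" },
  },
};

for (const h of findWatchlisted(SAMPLE_LOCK)) console.log(`${h.name}@${h.version} at ${h.location}`);
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findWatchlisted` in place of `SAMPLE_LOCK`.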

Source: https://thehackernews.com/2025/03/nine-year-old-npm-packages-hijacked-to.html