
Understanding the Recent NPM Supply Chain Attack and What It Means for Wallet Users

A major supply chain attack was recently uncovered in the JavaScript ecosystem. Popular NPM packages such as chalk, strip-ansi, color-convert, and debug were compromised after a maintainer’s account was hijacked. These libraries collectively receive more than a billion weekly downloads, so the impact spans much of the web.

The malicious code injected into these packages functions as a crypto-clipper. It does not drain wallets directly. Instead, it waits for a user to initiate a cryptocurrency transaction and then silently replaces the recipient’s wallet address with one controlled by the attacker. The malware accomplishes this in two ways:

  1. Passive address swapping – By intercepting browser functions like fetch and XMLHttpRequest, the malware can detect wallet addresses and replace them with visually similar attacker addresses. This trick makes it very difficult for users to notice a change.
  2. Active transaction hijacking – If a wallet such as MetaMask or Phantom is detected, the malware hooks into the wallet’s request functions. When a user approves a transaction, the destination address is swapped in memory before signing. Unless the user carefully checks the final address on their wallet or hardware device, funds can be misdirected.

Key Point: This Is Not a Drainer

It is important to emphasize that this attack cannot remove funds without user action. The malware only modifies transactions that the user themselves initiates. If you do nothing, your wallet remains untouched.

Phantom Wallet Example

For Solana users, Phantom is one of the most widely used wallets. Here’s how the attack scenario breaks down:

  • Phantom to Phantom: Sending funds directly from one Phantom wallet to another, using Phantom’s built-in interface, is not exposed to the attack. This flow relies solely on Phantom’s own code and Solana’s RPC nodes.
  • Phantom to Ledger: Sending from Phantom to a Ledger hardware wallet is also safe. Ledger requires you to confirm the destination address on the device screen itself. If the address has been tampered with, you will see the discrepancy before signing.
  • Phantom with dApps: The risk arises when connecting Phantom to third-party decentralized applications (dApps). If a dApp’s frontend code depends on one of the compromised NPM packages, the malware could hijack or swap transaction details. For example, interacting with websites like PumpFun could carry risk until their dependencies are fully audited and patched.

Native vs. Third-Party Swaps

A practical example is token swaps. If you use Phantom’s built-in swap feature and paste in a token address, that transaction is routed internally through Phantom’s aggregator and RPC network. It does not involve any third-party site code, so it is safe. However, if you connect Phantom to an external dApp website and initiate the swap there, you are trusting their codebase—and potentially exposing yourself if those dependencies were compromised.

Mitigation and Next Steps

  • Audit dependencies: Developers should immediately check their projects for vulnerable versions and pin safe versions in package.json.
  • Use hardware wallets: Users should rely on devices like Ledger whenever possible, as these provide an independent confirmation step that malware cannot alter.
  • Be cautious with dApps: Until the ecosystem has fully cleaned up, avoid unnecessary transactions through browser-based dApps.
  • Verify addresses: Always check the recipient address directly in your wallet or on a hardware device before confirming.
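As an added illustration (not code from this post or from any wallet project) of the two hook points described earlier and of the "verify addresses" step, the following checks look for browser request functions that have been replaced by non-native code, and compare the recipient a user intended with the recipient actually present in the outgoing transaction, flagging the same-first-and-last-characters lookalike trick. Function names and the sample addresses are constructed for this example.

```javascript
// Added example, not code from the post or from any wallet project.
// Two defender-side checks against the clipper behaviour described above:
//  1. spot browser globals (fetch, XMLHttpRequest) replaced by non-native code;
//  2. compare the recipient the user intended with the one in the final
//     transaction, flagging the "same first/last characters" lookalike trick.

// The engine's own implementation of fetch/XMLHttpRequest stringifies as
// "function fetch() { [native code] }". A JavaScript wrapper does not.
// Heuristic only: bound functions also print "[native code]", and a hook
// that also patches Function.prototype.toString can hide from this check.
// Meant for browsers: Node's own fetch is written in JavaScript and would
// be reported here even though it is untouched.
function isNativeFunction(fn) {
  if (typeof fn !== "function") return false;
  const src = Function.prototype.toString.call(fn);
  return /\{\s*\[native code\]\s*\}\s*$/.test(src);
}

// Return the names in `names` whose value on `scope` is a function that no
// longer looks native. In a browser, call with globalThis as `scope`.
function findHookedGlobals(scope, names) {
  return names.filter(
    (name) => typeof scope[name] === "function" && !isNativeFunction(scope[name])
  );
}

// Compare the address the user typed or copied with the address actually
// present in the transaction about to be signed. `edge` is how many leading
// and trailing characters a person usually eyeballs; a substituted address
// that matches on both edges is reported as a lookalike substitution.
function checkRecipient(intended, actual, edge = 4) {
  if (intended === actual) return { ok: true, reason: "match" };
  const sameEdges =
    intended.slice(0, edge) === actual.slice(0, edge) &&
    intended.slice(-edge) === actual.slice(-edge);
  return { ok: false, reason: sameEdges ? "lookalike-substitution" : "mismatch" };
}

// Constructed sample addresses (not real accounts): same first and last four
// characters, different middle, exactly the pattern that fools a glance.
const INTENDED = "DemoAddr7k2mXqR9vT4wH6bNpL3cF8sJ5yK2dG9zM4aE";
const SWAPPED = "DemoAddrQ3pZ8hJ5nR7tV2wB6cD4fG9kL1sM8yN3M4aE";

console.log(checkRecipient(INTENDED, SWAPPED)); // { ok: false, reason: 'lookalike-substitution' }
```

A wallet or dApp integration would run checkRecipient on the serialized transaction just before requesting a signature, and a hardware wallet's on-device display performs the same comparison out of reach of page scripts.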

Conclusion

This attack highlights a growing reality: supply chain compromises in open-source ecosystems can have far-reaching effects, especially in crypto where small changes to transaction data can result in large financial losses. While the specific malicious packages are being patched and removed from NPM, the structural risk remains. The safest approach is to minimize reliance on third-party dApps, confirm every transaction carefully, and use hardware wallets whenever possible.


Matt Rosenthal is CEO and President of Mindcore, a full-service tech firm. He is a leader in the field of cyber security, designing and implementing highly secure systems to protect clients from cyber threats and data breaches. He is an expert in cloud solutions, helping businesses to scale and improve efficiency.
