Billions of Downloads, $50 Stolen: The NPM Supply Chain Attack That Could Have Been Worse

A massive supply chain attack shook the JavaScript ecosystem this week after hackers compromised the NPM account of “qix,” the maintainer behind widely used libraries like chalk, strip-ansi, and color-convert. While the actual theft amounted to just ~$50 in stolen funds, the sheer reach of the affected libraries - downloaded over a billion times per week - exposed how fragile the open-source software supply chain remains.
The malware was particularly dangerous in how it mimicked legitimate wallet addresses using Levenshtein distance algorithms to create nearly indistinguishable replacements, a trick designed to bypass human scrutiny. Security researchers stress that anyone using auto-updated dependencies may have been exposed, and advise developers to pin safe versions and audit their lockfiles.
Ledger CTO Charles Guillemet called the incident a reminder that software wallets and exchanges remain “one code execution away” from compromise, urging users to rely on hardware wallets for added protection. Although the compromised packages have since been rolled back, the event highlights how quickly a single phishing email can cascade into a global attack surface for crypto theft.
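One way to act on the "audit your lockfiles" advice above is to walk package-lock.json and list every installed copy of the named packages, including nested copies buried under other dependencies, which a glance at package.json will not show. The script below is an added example, not code from the newsletter or from the chalk, strip-ansi or color-convert projects; the package names come from the story, but the version list is a labelled placeholder to be filled from the actual advisories, and the sample lockfile is constructed.

```javascript
// Added example: audit an npm package-lock.json for the packages named in the
// story and report every installed version, flagging any on a known-bad list.
// Supports lockfile v2/v3 ("packages" map) and v1 ("dependencies" tree).

// Package names are from the story; the versions are PLACEHOLDERS, not real
// indicators. Replace them with the versions listed in the advisories.
const AFFECTED = {
  "chalk": ["0.0.0-PLACEHOLDER"],
  "strip-ansi": ["0.0.0-PLACEHOLDER"],
  "color-convert": ["0.0.0-PLACEHOLDER"],
};

// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar"
function nameFromPath(p) {
  const idx = p.lastIndexOf("node_modules/");
  return idx === -1 ? p : p.slice(idx + "node_modules/".length);
}

// Yield {name, version, path} for every installed package in the lockfile,
// including nested duplicates that a top-level dependency list would hide.
function* installedPackages(lock) {
  if (lock.packages) {
    // lockfile v2/v3: flat map keyed by install path; "" is the root project
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (p === "" || !meta || !meta.version) continue;
      yield { name: meta.name || nameFromPath(p), version: meta.version, path: p };
    }
    return;
  }
  // lockfile v1: nested "dependencies" tree
  function* walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      yield { name, version: meta.version, path };
      yield* walk(meta.dependencies, path + "/");
    }
  }
  yield* walk(lock.dependencies, "");
}

// One finding per installed copy of a watched package; `bad` is true when the
// installed version is on the known-bad list for that package.
function auditLockfile(lock, affected = AFFECTED) {
  const findings = [];
  for (const pkg of installedPackages(lock)) {
    if (!(pkg.name in affected)) continue;
    findings.push({ ...pkg, bad: affected[pkg.name].includes(pkg.version) });
  }
  return findings;
}

// Constructed sample lockfile (v3 layout): a top-level chalk whose version is
// on the placeholder list, a clean color-convert, and a nested strip-ansi.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.0-PLACEHOLDER" },
    "node_modules/color-convert": { version: "2.0.1" },
    "node_modules/eslint/node_modules/strip-ansi": { version: "6.0.1" },
    "node_modules/eslint": { version: "8.57.0" },
  },
};

// CLI use: `node audit-lock.js ./package-lock.json`; with no path argument
// the constructed sample above is audited instead.
if (typeof module !== "undefined" && typeof require === "function" && require.main === module) {
  const lock = process.argv[2]
    ? JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"))
    : SAMPLE_LOCK;
  for (const f of auditLockfile(lock)) {
    console.log(`${f.bad ? "BAD " : "ok  "} ${f.name}@${f.version}  (${f.path})`);
  }
}
```

Any "BAD" line means the lockfile pins a listed version and the install should be rebuilt against a pinned safe version; "ok" lines still deserve a look, since the point of the exercise is to see every copy that auto-updates could have pulled in.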

Visualizing Crypto Crime: One Case, Six Meters of Paper

Sometimes crypto crime investigations get so complex, they don’t just fill screens: they fill walls.

This 6x2 meter printout shows only part of a tracing case produced with Global Ledger Vision. The tool enables investigators to follow transaction flows across chains, map out connections to specific addresses, and surface hidden links at scale without losing the details.

Approved for sharing by a law enforcement client of GL, the visualization will be used in court to demonstrate the extent of the activity.

$30M Cybercrime Ring Busted: Seoul Police Followed the Crypto Trail

Seoul police dismantled a cybercrime syndicate that stole $30M from 258 executives and high-profile victims. The hackers used stolen personal data, impersonation, and crypto to hide their tracks.
Using Chainalysis Reactor, investigators followed complex on-chain flows, recovered part of the funds, and exposed the group’s leader, “Mr. A,” who was captured in Thailand after a 106-day manhunt with Interpol.
The case shows how blockchain intelligence flips crypto from a shield for criminals into a weapon for law enforcement. As one official put it: “Fugitives who think they can’t be caught - will be caught.”

More weekly top stories:

Erin West (OP. Shamrock): Meta and Starlink are actively enabling the theft of billions of dollars.

SwissBorg hacked for $41M of SOL

Recoveris gets the CHF 1M funding

Chainabuse added to Etherscan

See you next week!
