The Largest Supply Chain Attack in History Hits NPM, Poisoning Packages With Billions of Weekly Downloads
By Cyber Jack, Sep 8
A phishing campaign that tricked a package maintainer into surrendering credentials has triggered what researchers are calling the most destructive software supply chain attack on record. Attackers gained control of widely used NPM libraries and injected malicious code that silently hijacks cryptocurrency transactions in the browser.
A Single Compromise, Billions of Downloads
The breach began with a convincing phishing email sent from a look-alike domain, npmjs.help. Maintainers were told their accounts would be locked on September 10, 2025, unless they refreshed their two-factor authentication settings. Once one maintainer clicked through, attackers seized control of their account and began pushing tainted versions of popular packages.
Among the compromised libraries were chalk, debug, strip-ansi, ansi-styles, and other foundational dependencies used in both front-end and back-end stacks. In total, the hijacked packages represent more than 2.6 billion downloads every week, underscoring how a single compromise can ripple through the global software ecosystem at staggering scale.
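The lure described above worked because npmjs.help reads like the real registry domain. As an added example (not code from the article or from any of the vendors it quotes), the following Node.js snippet shows the kind of link check a mail gateway or a developer's inbox rule can apply: every URL in a message is classified against an allowlist of registry hosts, and a hostname that reuses the brand label under a different TLD, or that uses the trusted name as a prefix of a longer host, is flagged as a look-alike. The allowlist, the brand-label heuristic, and the two sample messages are constructed assumptions of the example; a production check would resolve the registrable domain with the Public Suffix List instead of the naive label split used here.

```javascript
// Added example: flag message links whose hostname impersonates a package registry.
// Assumes a Node.js runtime (the URL class is built in). The allowlist and the
// sample messages are constructed for illustration.

const TRUSTED_REGISTRY_HOSTS = ["npmjs.com", "github.com"]; // constructed allowlist

// Brand label of a host: "www.npmjs.com" -> "npmjs", "npmjs.help" -> "npmjs".
// Naive second-level split; a real deployment would consult the Public Suffix List.
function brandLabel(host) {
  const labels = host.split(".");
  return labels.length >= 2 ? labels[labels.length - 2] : host;
}

// Classify one URL as "trusted", "lookalike", "unknown" or "invalid".
function classifyLink(rawUrl, allowedHosts = TRUSTED_REGISTRY_HOSTS) {
  let host;
  try {
    host = new URL(rawUrl).hostname.toLowerCase();
  } catch {
    return "invalid";
  }
  for (const allowed of allowedHosts) {
    // Exact host or a genuine subdomain of the trusted host.
    if (host === allowed || host.endsWith("." + allowed)) return "trusted";
  }
  for (const allowed of allowedHosts) {
    // Same brand label under another TLD (npmjs.help vs npmjs.com) ...
    if (brandLabel(host) === brandLabel(allowed)) return "lookalike";
    // ... or the trusted name embedded as a prefix (npmjs.com.evil.example).
    if (host.startsWith(allowed + ".")) return "lookalike";
  }
  return "unknown";
}

// Pull http(s) URLs out of free text, dropping trailing punctuation.
function extractLinks(text) {
  const matches = text.match(/https?:\/\/[^\s<>"')\]]+/gi) || [];
  return matches.map((u) => u.replace(/[.,;:!?]+$/, ""));
}

// Return every non-trusted link in a message with its verdict.
function flagMessage(text, allowedHosts = TRUSTED_REGISTRY_HOSTS) {
  return extractLinks(text)
    .map((url) => ({ url, verdict: classifyLink(url, allowedHosts) }))
    .filter((r) => r.verdict !== "trusted");
}

// Constructed sample messages mirroring the lure the article describes.
const SAMPLE_PHISH =
  "Refresh your 2FA settings before September 10, 2025 or your account will be locked: https://npmjs.help/reset-2fa.";
const SAMPLE_BENIGN = "Release notes are up: https://www.npmjs.com/package/chalk";

// Example run: flagMessage(SAMPLE_PHISH) -> [{ url: "https://npmjs.help/reset-2fa", verdict: "lookalike" }]
```

Treating a look-alike verdict as a hard block rather than a warning is the safer default for links that claim to come from a registry, since a legitimate registry notification will always resolve to the allowlisted host.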
Browser-Level Interception
Analysis by Aikido Security found that the injected malware altered index.js files to operate as a browser interceptor. The code monitors network traffic and API calls in real time, watching for cryptocurrency wallet addresses across Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash. If a transaction is detected, the malware swaps the intended destination with an attacker-controlled address before the user signs it.
“The packages were updated to contain a piece of code that would be executed on the client of a website, which silently intercepts crypto and web3 activity in the browser, manipulates wallet interactions, and rewrites payment destinations so that funds and approvals are redirected to attacker-controlled accounts without any obvious signs to the user,” said Charlie Eriksen, a researcher at Aikido Security.
A Calculated Attack
This was no generic phishing blast. The attackers deliberately exploited developer trust with a domain that mirrored npmjs.com and escalated urgency by threatening to lock accounts by a specific date. According to SOCRadar CISO Ensar Seker, that combination made the attack particularly effective.
“This incident represents a watershed moment in software supply chain security,” Seker said. “The compromise of NPM packages with over 2.6 billion weekly downloads highlights just how devastating upstream attacks can be when they exploit the foundational trust built into open-source ecosystems. Attackers didn’t need to break into servers or bypass technical defenses; they simply hijacked a legitimate maintainer’s account through a targeted phishing campaign.”
He added that the risk is magnified because these libraries are deeply embedded in dependency trees. “Developers and CI/CD pipelines rarely question dependencies that come pre-vetted from trusted registries. Malicious code embedded in these packages can bypass traditional static security checks and propagate downstream at incredible scale.”
The Industry Reckoning
The attack is the latest in a string of supply chain compromises. Earlier this year, eslint-config-prettier was hijacked, and several other widely used JavaScript libraries were seeded with info-stealing malware. Each incident has chipped away at confidence in open-source integrity.
Seker emphasized that the lesson is clear: dependency hygiene is now a front-line defense. He pointed to stronger identity protections for maintainers, mandatory hardware-based authentication, anomaly detection, continuous commit monitoring, and the adoption of software bills of materials (SBOMs) as urgent industry priorities.
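One concrete form of the dependency hygiene Seker describes is a lockfile audit that runs in CI before install. As an added example (not code from the article, SOCRadar, or Aikido), the Node.js snippet below walks a package-lock.json (lockfileVersion 2 or 3, the `packages` map keyed by node_modules paths), lists every installed copy of the packages named in the incident, including nested copies deeper in the tree, and reports any copy whose version is not on a team-reviewed pin list or that lacks an sha512 integrity hash. The pin list, the sample lockfile, and its version numbers and hashes are constructed placeholders; the compromised versions themselves are not stated in the article and are not reproduced here.

```javascript
// Added example: enumerate watch-listed packages in a package-lock.json so their
// resolved versions and integrity hashes can be compared with an advisory or a pin list.
// Assumes lockfileVersion 2/3 ("packages" map). All sample data below is constructed.

// Package names named in the incident; versions are deliberately absent here.
const WATCHLIST = ["chalk", "debug", "strip-ansi", "ansi-styles"];

// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar"
function packageNameFromPath(lockPath) {
  const idx = lockPath.lastIndexOf("node_modules/");
  return idx === -1 ? lockPath : lockPath.slice(idx + "node_modules/".length);
}

// One finding per installed copy of a watch-listed package, nested copies included.
function auditLockfile(lockfile, watchlist = WATCHLIST) {
  const packages = lockfile.packages || {};
  const findings = [];
  for (const [lockPath, entry] of Object.entries(packages)) {
    if (lockPath === "") continue; // root project entry, not a dependency
    const name = packageNameFromPath(lockPath);
    if (!watchlist.includes(name)) continue;
    findings.push({
      name,
      path: lockPath,
      version: entry.version,
      resolved: entry.resolved,
      hasIntegrity: typeof entry.integrity === "string" && entry.integrity.startsWith("sha512-"),
    });
  }
  return findings;
}

// Findings whose version is not on the reviewed pin list, or that carry no integrity hash.
function findUnexpected(findings, pinned) {
  return findings.filter((f) => !(pinned[f.name] || []).includes(f.version) || !f.hasIntegrity);
}

// Convenience wrapper for CI: read a lockfile from disk and return the unexpected copies.
// (fs is required lazily so the pure functions above stay usable in any module system.)
function auditLockfilePath(path, pinned) {
  const fs = require("fs");
  const lock = JSON.parse(fs.readFileSync(path, "utf8"));
  return findUnexpected(auditLockfile(lock), pinned);
}

// Constructed sample lockfile fragment; versions and hashes are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "4.1.2", resolved: "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", integrity: "sha512-PLACEHOLDER" },
    "node_modules/debug": { version: "4.3.4", resolved: "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", integrity: "sha512-PLACEHOLDER" },
    "node_modules/some-lib/node_modules/debug": { version: "4.4.0", resolved: "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz" },
    "node_modules/lodash": { version: "4.17.21", resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", integrity: "sha512-PLACEHOLDER" },
  },
};

// Constructed pin list: the versions the team has reviewed and accepts.
const SAMPLE_PINS = { chalk: ["4.1.2"], debug: ["4.3.4"], "strip-ansi": ["6.0.1"], "ansi-styles": ["4.3.0"] };

// Example run: findUnexpected(auditLockfile(SAMPLE_LOCK), SAMPLE_PINS)
//   -> one finding: the nested debug 4.4.0 copy, which is unpinned and has no integrity hash.
```

In a pipeline, call `auditLockfilePath("package-lock.json", pins)` and fail the build when the returned list is non-empty; this catches a transitive bump to an unreviewed version, which is exactly the path by which a poisoned release of a foundational library reaches applications that never depend on it directly.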
“We often assume open-source software is secure because it’s open, but that openness means nothing if identity controls are weak, if changes go unreviewed, and if package provenance isn’t verified,” Seker said. “Security must now follow the code from origin to runtime, not just within corporate networks, but across global ecosystems.”
For developers and organizations alike, the compromise is a stark reminder that the software supply chain remains one of the most vulnerable entry points into the digital world.