flash on Nostr: ⚡️🚨 ALERT - Aikido Security has flagged what may be the largest npm supply ...
⚡️🚨 ALERT - Aikido Security has flagged what may be the largest npm supply chain hack ever targeting crypto holders.
A long-trusted maintainer (“qix”) was phished, and 18 popular packages, including chalk, debug, and ansi-styles (2B+ weekly downloads), were injected with wallet-draining code.
The malware silently swaps crypto addresses in MetaMask, Phantom, and other software wallets. Users see the correct recipient, but funds are rerouted to attacker-controlled addresses.
The compromised packages have already been downloaded over 1B times, putting the entire JavaScript ecosystem at risk.
🔒 Hardware wallet users: verify every transaction before signing.
⚠️ Software wallet users: avoid on-chain transactions for now.
Published at 2025-09-08 18:11:56 UTC