SEAL: Largest NPM Cryptocurrency Attack Stole Under $50

2025/09/10 10:30

SEAL revealed the largest NPM-based supply chain attack in crypto history.
Despite its scale, the attack resulted in only around $50 in stolen funds.

In a surprise revelation about Cryptocurrency, SEAL has revealed what they call the “largest NPM supply chain attack in crypto history” – an event that resulted in financial loss of $50. This highlights both potency and specialities in the modern cyber threats. SEAL discloses that hackers broke into the Node Package Manager (NPM) on Tuesday. These hacks happened to the account of a notable software developer and then added malware to well-known JavaScript libraries, targeting crypto wallets.

Also Read: Hyperliquid (HYPE) Rallies 8.56%: Lion Group Doubles Down with Massive Investment

A Wider Warning for Cryptocurrency

According to the SEAL’s detailed report that was released on Tuesday, a hacker successfully infiltrated the Node Package Manager (NPM) system. This happened with an attack on cryptocurrency-related open-source libraries. The attacker gave out information on dozens of seemingly legitimate packages. These were downloaded many times by developers across multiple projects.

Source: Google Images

These packages had many code designed to siphon off important wallet information and private keys from affected accounts. SEAL’s investigation indicated that the attack spanned across three months. These hackers silently exploited developers who, without knowledge, integrated the poisoned packages into their projects.

“We’re calling this the largest NPM-based supply chain attack in cryptocurrency because of its technical complexity and potential blast radius, not the dollar amount stolen,” – the SEAL co-founder Linh Dao stated. “It’s a wake-up call. The attacker’s intent was clearly more about testing vectors and infrastructure than profit.”

The Amount May Be Laughable, but the Stakes are High!

While the attack itself is laughably small in financial and cryptocurrency terms, the stakes are anything but. This incident definitely shows how weak the open-source foundation of the cryptocurrency ecosystem is. Just one malicious package, buried among many others, can silently steal or threaten the wallet keys and accounts, authentication tokens, or even access to the whole protocols.

The attacker might be testing the waters with an attempt at just this $50. Experts suggest monitoring closely for any other such tries.

Also Read: Improving security in online gaming with crypto wallets

Məsuliyyətdən İmtina: Bu saytda yenidən yayımlanan məqalələr ictimai platformalardan götürülmüşdür və yalnız məlumat xarakteri daşıyır. MEXC-in baxışlarını əks etdirməyə bilər. Bütün hüquqlar orijinal müəlliflərə məxsusdur. Hər hansı bir məzmunun üçüncü tərəfin hüquqlarını pozduğunu düşünürsünüzsə, zəhmət olmasa, service@support.mexc.com ilə əlaqə saxlayaraq silinməsini tələb edin. MEXC məzmunun dəqiqliyinə, tamlığına və ya vaxtında yenilənməsinə dair heç bir zəmanət vermir və təqdim olunan məlumatlar əsasında görülən hərəkətlərə görə məsuliyyət daşımır. Məzmun maliyyə, hüquqi və ya digər peşəkar məsləhət xarakteri daşımır və MEXC tərəfindən tövsiyə və ya təsdiq kimi qəbul edilməməlidir.

Məqaləni Paylaşın