cryptocurrency – Cybersecurity Watch

Multiple Crypto Packages Hijacked, Turned Into Info-stealers

Multiple npm cryptocurrency packages hijacked to steal sensitive information, including environment variables. Malicious scripts found in recent versions of longstanding packages have exfiltrated user data. The hijack is suspected to involve compromised maintainer accounts. Organizations urged to enhance supply chain security to prevent malware in open-source dependencies.

https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers

New Web3 Attack Exploits Transaction Simulations to Steal Crypto

blockchain, cryptocurrency

Jan 13 2025

New Web3 attack, “transaction simulation spoofing,” steals crypto, exemplified by a $460,000 theft of 143.45 ETH. Attackers exploit transaction simulation flaws in wallets, luring victims to fake sites showing deceptive transaction previews. A delay allows attackers to change transaction outcomes, leading victims to authorize transactions draining their wallets. Users should be cautious of “free claims” on unverified sites, as trust in wallet simulations can be misleading. Solutions include adjusting simulation refresh rates and adding warnings for users.

https://www.bleepingcomputer.com/news/security/new-web3-attack-exploits-transaction-simulations-to-steal-crypto/