npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack

Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked to hijack crypto wallets via injected code.

Aikido Security has flagged what could be the biggest npm supply chain compromise ever recorded. The account of a long-trusted maintainer known as qix was hijacked through a phishing email, and 18 popular packages were altered with malicious code. Those packages include chalk, debug, and ansi-styles, which together represent more than two billion weekly downloads.

The good news is that detection was fast enough to limit the damage. Aikido’s lead malware researcher, Charlie Eriksen, said the attack was identified within five minutes and disclosed within an hour.

What makes this incident especially serious is the purpose of the injected malware. Instead of targeting development environments or servers, the code is designed to interfere with cryptocurrency transactions in the browser.

According to researchers, it hooks into MetaMask, Phantom, and other wallet APIs, altering transaction data before users sign. The interface shows the correct recipient, but the funds are redirected to addresses controlled by the attacker.

The malware also intercepts network traffic and application calls, recognises formats across Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash, and then rewrites them with convincing lookalike addresses. Since it operates at both the browser and API level, it can make fraudulent transfers appear legitimate.

The full list of compromised packages is long, but some of the most widely used include chalk (300 million weekly downloads), debug (358 million), and ansi-styles (371 million). Other affected projects range from low-level utilities like is-arrayish to formatting libraries such as strip-ansi.

For many developers, these packages are part of the foundation of everyday JavaScript applications, meaning the malicious versions could already be running in production systems worldwide.

The maintainer confirmed on Bluesky that his account was taken over after receiving a phishing email from “[email protected].” By the time he began removing the infected packages, access to his account was lost. Some packages, like simple-swizzle, remain compromised as of the latest update.

Aikido’s analysis shared with Hackread.com shows the code is highly intrusive, modifying functions like fetch, XMLHttpRequest, and wallet API methods. It alters transaction payloads, approvals, and even Solana’s signing flow, redirecting assets without the user’s knowledge. In practical terms, this means a developer who updated one of these packages could be exposing users to wallet hijacking as they interact with Web3 applications.

For now, developers are advised to roll back to known safe versions, audit any recent package updates, and monitor transactions closely if their applications interact with cryptocurrency wallets. The situation remains active, and Aikido is now posting live updates on its official blog.
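One way to act on that advice, as an added example that is not part of the article or of Aikido's own tooling: a Node script that lists every installed copy of the packages named here from a package-lock.json, so the versions can be compared against the advisory. The page gives no compromised version numbers, so none are hard-coded; the sample lockfile and its version strings are constructed.

```javascript
// Package names quoted in the article; not the full list of 18 compromised packages.
const WATCHLIST = ["chalk", "debug", "ansi-styles", "strip-ansi", "is-arrayish", "simple-swizzle"];
// Constructed sample lockfile (lockfileVersion 3 layout, made-up versions) standing in for a real file.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/chalk": { version: "1.2.3" },
    "node_modules/debug": { version: "2.3.4" },
    "node_modules/@acme/cli": { version: "0.1.0" },
    "node_modules/@acme/cli/node_modules/chalk": { version: "1.0.0" }, // nested second copy
  },
};
// Map an install path such as "node_modules/a/node_modules/@s/b" to the package name "@s/b".
function packageNameFromPath(installPath) {
  const idx = installPath.lastIndexOf("node_modules/");
  return idx === -1 ? null : installPath.slice(idx + "node_modules/".length);
}
// Walk a lockfileVersion 1 "dependencies" tree (nested objects) recursively.
function walkV1(deps, parentPath, watched, hits) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const path = `${parentPath}node_modules/${name}`;
    if (watched.has(name)) hits.push({ name, version: entry.version, path });
    walkV1(entry.dependencies, `${path}/`, watched, hits);
  }
}
// Return every installed copy (top-level or nested) of a watched package, sorted by install path.
function findWatchedPackages(lock, watchlist = WATCHLIST) {
  const watched = new Set(watchlist);
  const hits = [];
  if (lock.packages) { // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [installPath, entry] of Object.entries(lock.packages)) {
      const name = packageNameFromPath(installPath);
      if (name && watched.has(name)) hits.push({ name, version: entry.version, path: installPath });
    }
  } else { // lockfileVersion 1: nested dependency tree
    walkV1(lock.dependencies, "", watched, hits);
  }
  return hits.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}
// Usage: node audit-lock.js [path/to/package-lock.json]; with no argument the constructed sample is used.
if (typeof require === "function" && require.main === module) {
  const file = process.argv[2];
  const lock = file ? JSON.parse(require("fs").readFileSync(file, "utf8")) : SAMPLE_LOCK;
  for (const h of findWatchedPackages(lock)) console.log(`${h.name}@${h.version}  (${h.path})`);
}
```

Nested copies matter: a rolled-back top-level version does not help if a dependency still carries its own copy of the same package.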


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.