Security Agency: NPM Supply Chain Attacked, Developer qix Affected

ChainCatcher message, according to market news, well-known developer qix has had npm packages injected with malicious code due to a phishing attack, with related packages including chalk, strip-ansi, color-convert, etc.

The attack method involves hooking wallet functions, tampering with ETH/SOL transaction receiving addresses, and replacing addresses in network responses. User advice: be sure to verify the recipient and amount in the wallet interface, check for address changes after pasting, review recent transactions, and prioritize using hardware wallets for high-value operations.