Data: The attacker of the NPM developer account is currently suspected to have only profited about 20 dollars

ChainCatcher news, according to CertiK Alert monitoring, the NPM account of developer Qix has been phished, with attackers injecting malicious code into npm. According to Security Alliance, the attackers seem to have profited only about 0.05 dollars worth of ETH and 20 dollars worth of Meme coins.

Earlier reports indicated that Ledger's Chief Technology Officer Charles Guillemet stated, "A large-scale supply chain attack is currently underway: the NPM account of a well-known developer has been compromised. The affected package has been downloaded over 1 billion times, which means the entire JavaScript ecosystem may be at risk. The malicious code works by silently altering cryptocurrency addresses in the background to steal funds."