
September 9, 2025

Developer Identity Used as Entry Point for npm Supply Chain Attack


On September 8, 2025, researchers reported what they described as “the largest software supply chain attack to date at npm,” triggered by a social engineering campaign targeting a trusted maintainer.

The threat actor compromised the npm account of a prominent developer known as Qix by tricking him into resetting his two-factor authentication credentials, granting full access to his account.

The phishing email originated from the domain npmjs[.]help, a deceptive clone of npmjs[.]com. This domain was registered on September 4, 2025, and was used to send spoofed messages impersonating official npm support.

The emails urged recipients to update their authentication credentials under threat of account lockout, creating urgency and fear. Other developers may have been targeted as well.

Once compromised, the developer's account was used to publish malicious versions of multiple npm packages, collectively accounting for over 2.6 billion weekly downloads. Exploitation was first observed around 13:16 UTC on September 8 and continued for approximately two hours before npm maintainers began removing the affected versions.

The injected malware was designed to intercept and manipulate browser-based cryptocurrency wallet interactions, redirecting transactions to attacker-controlled addresses.

Researchers have been monitoring the wallet addresses embedded in the malicious code and, to date, have not observed any inbound transactions. This suggests that the malware may not have been widely executed in environments with active wallets, or that the attacker’s infrastructure failed to capture funds effectively.

However, the risk remains ongoing: compromised packages may still reside in applications that were updated during the attack window. If users interact with affected sites and connect wallets, future transactions could be intercepted. The attacker’s wallet addresses remain active, and the malware was designed to operate silently, making delayed exploitation possible.

As of September 9, there have been reports that the campaign is ongoing and extends beyond Qix's packages to include DuckDB's duckdb_admin account. Organizations should therefore treat the affected package list as fluid and assume malicious versions may still be accessible and automatically pulled into development workflows.


Analyst insight

This incident highlights the risk posed by compromised maintainer accounts and reflects a growing trend of phishing campaigns increasingly targeting developer identity.

The attack underscores the need for hardened authentication, package integrity verification, and continuous monitoring of dependency changes. Software supply chain risk assessments should be integrated into vendor due diligence and application security programs.

Open-source dependencies must be treated as third-party software with inherent risk, and security teams should maintain visibility into package provenance and update histories. Organizations using JavaScript libraries in web applications are at greatest risk, particularly those that performed fresh installs or updates between 9:00 AM Eastern Time on September 8 and now.

Applications that included compromised packages, either directly or as transitive dependencies, may have unknowingly deployed malware capable of intercepting cryptocurrency transactions. The impact is most severe for web applications interacting with blockchain wallets, decentralized finance platforms, or cryptocurrency exchanges. Server-side applications using these packages in Node.js-only contexts face minimal exposure.

Organizations should immediately audit their dependency trees for affected versions and roll back any deployments made during the compromise window. Enforce hardware-based two-factor authentication for developer accounts and implement package signing verification where supported.

Field Effect is actively monitoring the npm supply chain incident and can confirm that none of our services are impacted. Our internal review found no exposure to the compromised components. As part of our onboarding process, all third-party libraries undergo validation checks that would have flagged the affected packages. Updates to dependencies are only approved following a thorough assessment of their current security posture.

We’ve conducted targeted scans across client environments and continue to monitor for suspicious browser activity, with heightened focus on crypto-facing applications. Any client or partner identified as having downloaded the compromised packages would have received an ARO with remediation guidance.