DuckDB NPM Account Hack Leads to New Malware Release

By: BitcoinEthereumNews
2025/09/10 05:00
Key Points:
  • DuckDB NPM account hacked, malicious packages released with wallet-draining malware.
  • Community warned of similar attacks seen previously.
  • Immediate actions taken to mitigate risks and alert developers.

SlowMist’s CISO 23pds reported a DuckDB NPM account compromise on September 9, in which malware-laden versions of duckdb and duckdb-wasm were released, raising significant security concerns.

The compromise poses a risk of cryptocurrency wallet theft, highlighting vulnerabilities in open-source supply chains and prompting developers to reassess security protocols.

DuckDB Breach Exposes Critical Supply Chain Vulnerabilities

23pds from SlowMist announced that the DuckDB NPM account had been compromised. Malicious versions of duckdb and related packages were released early, containing wallet-draining malware. The official DuckDB project maintainers quickly marked affected packages as deprecated on their GitHub.

The malware targeted developer systems, redirecting cryptocurrency transactions. Affected assets included Ethereum, Bitcoin, Solana, and Litecoin. The incident did not impact DeFi smart contracts directly.

23pds, Chief Information Security Officer, SlowMist Technology, remarked, “The DuckDB NPM account was compromised and malicious code was published. Be attentive to wallet-draining attacks similar to those seen in previous supply chain incidents.”

Industry experts issued strong responses. SlowMist warned against increased vulnerabilities in developer environments. Vercel’s security team confirmed that the malicious code intercepted cryptocurrency interactions. No significant on-chain theft was reported.

Historical Attacks Highlight Continued Risks in Package Management

Did you know? Historical supply chain attacks like the June 2025 NPM compromises targeted major packages, posing systemic security risks that persist in today’s digital infrastructure.

Ethereum, trading at $4,282.35, holds a market dominance of 13.40% with a market cap of $516.90 billion, as per CoinMarketCap. Despite a 1.88% drop over 24 hours, Ethereum shows a 43.03% price surge over 60 days. The 24-hour trading volume stands at $33.75 billion, up by 18.83%.

Ethereum(ETH), daily chart, screenshot on CoinMarketCap at 15:38 UTC on September 9, 2025. Source: CoinMarketCap

The Coincu research team noted that such compromises urge developers to increase supply chain security measures. With digital finances expanding, reliance on open-source projects necessitates refined scrutiny and vigilance against phishing schemes, emphasizing sustained awareness across all digital layers.

Source: https://coincu.com/scam-alert/duckdb-npm-account-compromised-malware/
