Historic JavaScript Supply Chain Attack Threatens Crypto Security
Cyber attackers have infiltrated widely used JavaScript libraries through the Node Package Manager (NPM), inserting malware intended to steal cryptocurrency by swapping wallet addresses and hijacking transactions. This breach is being described as the largest supply chain attack ever recorded in the crypto ecosystem.
Reports emerged Monday that hackers compromised an NPM account belonging to a reputable developer, embedding malicious code into popular JavaScript packages utilized by millions of applications worldwide. The malware operates by intercepting transaction requests, replacing legitimate wallet addresses with those controlled by attackers.
Charles Guillemet, Chief Technology Officer at Ledger, highlighted the scale of the attack: “The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.” However, the malware does not automatically drain wallets; users must still approve transactions, which the malicious code can manipulate at the point of interaction.
According to Oxngmi, founder of DefiLlama, only applications that updated to the compromised package versions after the malware insertion are vulnerable. Many developers mitigate risk by pinning dependencies to older, secure versions. Nonetheless, users are advised to exercise extreme caution and avoid interacting with crypto websites until the compromised packages are fully remediated.
Nasdaq Seeks SEC Approval to Trade Tokenized Stocks
In a significant regulatory development, Nasdaq has formally requested the U.S. Securities and Exchange Commission (SEC) to approve a rule change permitting the listing and trading of tokenized stocks on its exchange. This move aims to integrate blockchain-based digital securities within the existing regulatory framework.
Nasdaq’s filing proposes amendments to definitions and trading rules to treat tokenized stocks as equivalent to traditional securities, provided they meet specified criteria. The exchange emphasized the importance of clear labeling to ensure proper processing by clearinghouses such as the Depository Trust Company.
According to Nasdaq, securities could be traded either in their traditional digital form or as tokenized assets leveraging blockchain technology. The request reflects an effort to modernize securities trading infrastructure and expand access to tokenized financial instruments.
Ethereum Stablecoin Supply Reaches New Heights
Ethereum’s stablecoin ecosystem continues to expand rapidly, with approximately $5 billion in new stablecoins issued last week alone. This surge has pushed the total supply of Ethereum-based stablecoins to an all-time high near $165 billion, according to Token Terminal.
Ethereum commands a dominant 57% share of the stablecoin market, significantly outpacing its nearest rival, Tron, which holds 27%, and Solana at under 4%. The growth underscores Ethereum’s position as the leading blockchain platform for stablecoin issuance and trading.
FinOracleAI — Market View
The discovery of malware in core JavaScript libraries poses a significant short-term risk to crypto platforms reliant on these packages, potentially undermining user trust and prompting heightened security scrutiny. Nasdaq’s regulatory filing signals growing institutional interest in tokenized securities, which could catalyze broader adoption but faces regulatory uncertainties. Ethereum’s record stablecoin issuance reflects robust demand for digital dollar substitutes, supporting DeFi activity but also raising questions about systemic risk.
Impact: negative
