Scan to download
Home Flash
Calendar
BTC $71,335.64 -3.61%
ETH $2,205.14 -4.96%
BNB $652.37 -2.52%
XRP $1.42 -4.56%
SOL $81.67 -4.53%
TRX $0.2795 -0.47%
DOGE $0.0974 -3.83%
ADA $0.2735 -4.22%
BCH $456.40 -3.16%
LINK $8.64 -2.97%
HYPE $28.98 -1.81%
AAVE $122.61 -3.42%
SUI $0.9864 -4.19%
XLM $0.1605 -4.62%
ZEC $260.31 -8.86%
BTC $71,335.64 -3.61%
ETH $2,205.14 -4.96%
BNB $652.37 -2.52%
XRP $1.42 -4.56%
SOL $81.67 -4.53%
TRX $0.2795 -0.47%
DOGE $0.0974 -3.83%
ADA $0.2735 -4.22%
BCH $456.40 -3.16%
LINK $8.64 -2.97%
HYPE $28.98 -1.81%
AAVE $122.61 -3.42%
SUI $0.9864 -4.19%
XLM $0.1605 -4.62%
ZEC $260.31 -8.86%
Home
Article
Flash
Specials
Columns
Knowledge Base
Calendar
Markets
Charts
Activity
Tools

Attacks on the NPM supply chain have occurred again

2025-09-16 09:31:56
Collection

ChainCatcher message, Scam Sniffer has detected another attack on the NPM supply chain. The package @ctrl/tinycolor (with 2.2 million downloads per week) has released a malicious version that runs an information-stealing program during the npm postinstall script execution to scan and steal sensitive data.

This malicious payload abused the legitimate sensitive information scanning tool TruffleHog. Please check if you have downloaded the affected version, pause any installation/update operations, and pin the version to a known safe version.

(Source Link)
warnning Risk warning
Related tags
Scam Sniffer NPM TruffleHog
Related reading
Scam Sniffer: A certain address lost over 720,000 valBUSD and valTUSD due to signing phishing emails
2026-03-15 10:06
An Ethereum user lost nearly $390,000 after signing a phishing authorization transaction
2026-02-25 09:07
A user on the BSC chain lost nearly $120,000 due to signing a malicious increaseAllowance transaction
2026-02-10 16:18
Two victims lost over $62 million due to a copycat address poisoning attack
2026-02-09 12:02
Related tags
Scam Sniffer NPM TruffleHog
Copyright © 2023
About Us
Media Kit
Apply column
Privacy Policy
Risk Warning
Hiring
Qiong ICP No. 2021009392
Qiong ICP No. 2021009392
app_icon
ChainCatcher Building the Web3 world with innovations.