Stellar Development Foundation Responds to Major NPM Supply Chain Attack


KEY TAKEAWAYS

  • A significant supply chain attack targeted the NPM ecosystem, affecting numerous widely-used packages through malicious versions.
  • The Stellar Development Foundation confirmed its projects were unaffected and is actively monitoring the situation.
  • The attack involved sophisticated techniques like passive address swapping and transaction hijacking, impacting several cryptocurrency ecosystems.
  • Developers are urged to audit their systems to ensure no malicious packages have been installed.

On September 8, 2025, a significant supply chain attack was identified within the NPM ecosystem, affecting numerous widely-used packages. The attack involved the publication of malicious versions of dozens of NPM packages, which are downloaded billions of times weekly. This breach was executed through a phishing attack targeting a prominent NPM developer.

The Stellar Development Foundation (SDF) has confirmed that all projects under its GitHub organization remain unaffected. The SDF’s security and engineering teams responded promptly to the incident. While the malicious package versions have been removed from the NPM registry, the situation is evolving, and more affected packages may be discovered. The SDF has committed to ongoing monitoring and will provide updates as necessary.

The attack methodology included passive address swapping and active transaction hijacking, carried out by “monkey-patching” the fetch and XMLHttpRequest calls so that network traffic could be intercepted and rewritten. These actions targeted wallets within the Bitcoin Classic (BTC ($115,908.00)), Bitcoin Cash (BCH ($569.08)), Litecoin (LTC ($100.91)), Solana (SOL ($202.58)), and Ethereum (ETH ($4,167.20)) ecosystems. Notably, the Stellar network was not a target in this malware attack.

Developers using NPM are advised to audit their build and deployment pipelines to ensure that no malicious versions of affected packages have been downloaded or installed. Additionally, developers who have recently run “npm” commands should audit their workstations to confirm the absence of these malicious packages.

Further details and updates on the situation can be found on the Stellar Development Foundation’s blog here.

Why This Matters: Impact, Industry Trends & Expert Insights

On September 8, 2025, the NPM ecosystem faced a major supply chain attack, affecting numerous packages with billions of downloads. The Stellar Development Foundation confirmed that its projects were unaffected, highlighting the ongoing risks associated with open-source dependencies.

According to a Vercel report, the current trend in NPM supply chain attacks involves sophisticated, large-scale compromises targeting popular packages to distribute cryptocurrency-draining malware. This aligns with the recent attack’s method of targeting widely-used packages to intercept and redirect cryptocurrency transactions.

As per insights from Sonatype, the attack was not due to a technical vulnerability but rather a successful social engineering exploit via phishing. This reinforces the need for increased vigilance and security measures to protect against similar future threats.



The post Stellar Development Foundation Responds to Major NPM Supply Chain Attack appeared first on CoinsHolder.
