Major Supply Chain Attack Unveiled by Check Point
Check Point Software Technologies, a global leader in cybersecurity solutions, has issued a critical warning regarding a significant supply chain attack that has resulted in the infiltration of popular cryptocurrency wallets like MetaMask and Phantom. Dubbed the largest of its kind in the history of npm, this incident has serious implications for users and developers alike.
Overview of the Attack
In early September 2025, a phishing attack targeted a single open-source maintainer, leading to the compromise of over 18 widely used npm packages. These packages, collectively downloaded over 2 billion times a week, were found to contain malicious code that spread rapidly across thousands of related projects. The injected malware specifically targeted browser wallets, seeking to steal cryptocurrencies such as Ethereum, Bitcoin, and Litecoin.
This unprecedented attack underscores the vulnerabilities of the trust-based open-source model, wherein a single point of failure can jeopardize the entire global software ecosystem. Check Point emphasizes the necessity for proactive supply chain security measures, advising security teams to implement practices such as dependency audits, enforced lock files, and AI-driven runtime protection.
Details of the Attack
On September 8th, 2025, the JavaScript ecosystem was rocked by a significant breach that security researchers are calling the largest npm supply chain attack to date. One phishing email sent to a prominent maintainer compromised over 18 crucial npm packages, which had accumulated billions of downloads. The affected packages included `chalk`, `debug`, and `supports-color`. The malware was designed to siphon off users' cryptocurrency by hijacking transactions in their browsers without their noticing.
The targeted currencies included Solana, Ethereum, and Bitcoin, marking a shift from a regular supply chain attack to an orchestrated cryptocurrency theft incident. The malware operated within browser environments, intercepting wallet addresses in real time and replacing them with those controlled by the attackers. Although researchers from Aikido Security detected the malware swiftly, the damage was already done through the wide propagation of the malicious code.
The attack highlights a crucial weakness in the open-source ecosystem, where trust and convenience often outweigh security measures. It becomes evident that security considerations need to be integrated comprehensively throughout the software lifecycle, from early development stages to operational phases.
Recommendations from Check Point
Check Point's security research group manager, Adi Bleih, commented on the incident, stating, "This breach is not just a phishing incident; it’s a sophisticated attack that exploited trust. The impact has rippled through thousands of apps, affecting millions of users. A single vulnerable account can inadvertently trigger a global software supply chain crisis."
To safeguard against similar risks, Check Point recommends the following:
- Utilize `npm ci` and lock files to prevent unverified installations.
- Use tools such as npm audit, Snyk, and Socket.dev to audit dependencies.
- Require package maintainers to implement hardware-based two-factor authentication.
- Employ AI-driven runtime threat detection and prevention capabilities like the Infinity Platform.
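As an added example (not from Check Point or the original article), one way to audit the lock file that `npm ci` installs from: the function below walks the `packages` map of a parsed `package-lock.json` and reports entries without a SHA-512 integrity hash, entries resolved from somewhere other than the registry, and any occurrence of the three package names this article mentions. The registry URL, the function names, and the sample lock file are assumptions made for illustration; the article gives no affected version numbers, so name matches are only flagged for manual review.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3).
// WATCHLIST holds only the package names this article mentions; the article
// gives no affected versions, so a match means "review", not "compromised".
const WATCHLIST = new Set(["chalk", "debug", "supports-color"]);
const REGISTRY = "https://registry.npmjs.org/"; // assumption: default public registry

function packageNameFromPath(path) {
  // "node_modules/a/node_modules/@scope/b" -> "@scope/b"; non-dependency paths -> null
  const idx = path.lastIndexOf("node_modules/");
  return idx === -1 ? null : path.slice(idx + "node_modules/".length);
}

function auditLockfile(lock) {
  const findings = [];
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    return [{ path: "", issue: "no-packages-map" }];
  }
  for (const [path, entry] of Object.entries(lock.packages)) {
    const name = packageNameFromPath(path);
    // Skip the root project, workspace folders, symlinked and bundled entries.
    if (name === null || entry.link || entry.inBundle) continue;
    if (typeof entry.integrity !== "string" || !entry.integrity.startsWith("sha512-")) {
      findings.push({ path, issue: "missing-or-weak-integrity" });
    }
    if (typeof entry.resolved !== "string" || !entry.resolved.startsWith(REGISTRY)) {
      findings.push({ path, issue: "non-registry-source" });
    }
    if (WATCHLIST.has(name)) {
      findings.push({ path, issue: "watchlist-review", version: entry.version });
    }
  }
  return findings;
}

// Constructed sample lock file: names, versions and hashes are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-lib": { version: "1.0.0",
      resolved: REGISTRY + "example-lib/-/example-lib-1.0.0.tgz", integrity: "sha512-PLACEHOLDER" },
    "node_modules/debug": { version: "0.0.0-sample",
      resolved: REGISTRY + "debug/-/debug-0.0.0-sample.tgz", integrity: "sha512-PLACEHOLDER" },
    "node_modules/example-lib/node_modules/chalk": { version: "0.0.0-sample",
      resolved: "git+https://example.invalid/chalk.git" },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

To run it against a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `auditLockfile` and fail the CI job when the returned list is not empty.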
While the attention on this extensive npm breach may wane, the potential risks persist. As the software supply chain continues to expand, so do the opportunities for attackers. Now is the time to reconsider fundamental approaches to trust, verification, and prevention in modern development processes.
Conclusion
This press release draws from a blog published on September 10, 2025 (U.S. time), emphasizing the importance of cybersecurity in a continuously evolving software landscape. Check Point Software Technologies is dedicated to protecting over 100,000 organizations worldwide through its AI-powered cybersecurity solutions.
For more information, visit Check Point's official site.