- DuckDB NPM account hacked, malicious packages released with wallet-draining malware.
- Community warned of similar attacks seen previously.
- Immediate actions taken to mitigate risks and alert developers.
SlowMist’s CISO 23pds reported a DuckDB NPM account compromise on September 9, releasing malware-laden versions of duckdb and duckdb-wasm, raising significant security concerns.
The compromise poses a risk of cryptocurrency wallet theft, highlighting vulnerabilities in open-source supply chains and prompting developers to reassess security protocols.
DuckDB Breach Exposes Critical Supply Chain Vulnerabilities
23pds from SlowMist announced that the DuckDB NPM account had been compromised. Malicious versions of duckdb and related packages were released early, containing wallet-draining malware. The official DuckDB project maintainers quickly marked affected packages as deprecated on their GitHub.
The malware targeted developer systems, redirecting cryptocurrency transactions. Affected assets included Ethereum, Bitcoin, Solana, and Litecoin. The incident did not impact DeFi smart contracts directly.
23pds, Chief Information Security Officer, SlowMist Technology, remarked, “The DuckDB NPM account was compromised and malicious code was published. Be attentive to wallet-draining attacks similar to those seen in previous supply chain incidents.”
Industry experts issued strong responses. SlowMist warned against increased vulnerabilities in developer environments. Vercel’s security team confirmed malicious code intercepted cryptocurrency interactions. No significant on-chain theft reported.
Historical Attacks Highlight Continued Risks in Package Management
Did you know? Historical supply chain attacks like the June 2025 NPM compromises targeted major packages, posing systemic security risks that persist in today’s digital infrastructure.
Ethereum, trading at $4,282.35, holds a market dominance of 13.40% with a market cap of $516.90 billion, as per CoinMarketCap. Despite a 1.88% drop over 24 hours, Ethereum shows a 43.03% price surge over 60 days. The 24-hour trading volume stands at $33.75 billion, up by 18.83%.
The Coincu research team noted that such compromises urge developers to increase supply chain security measures. With digital finances expanding, reliance on open-source projects necessitates refined scrutiny and vigilance against phishing schemes, emphasizing sustained awareness across all digital layers.
| DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing. |
Source: https://coincu.com/scam-alert/duckdb-npm-account-compromised-malware/