Today in crypto, hackers hit core JavaScript libraries in what’s called the largest supply chain attack ever, with malware designed to steal crypto. Nasdaq seeks SEC approval to let US exchanges trade tokenized stocks, while $5 billion in s…
Today in crypto, hackers hit core JavaScript libraries in what’s called the largest supply chain attack ever, with malware designed to steal crypto. Nasdaq seeks SEC approval to let US exchanges trade tokenized stocks, while $5 billion in stablecoins flowed into Ethereum last week.
Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries
Hackers have compromised widely used JavaScript software libraries in what’s being called the largest supply chain attack in history. The injected malware is reportedly designed to steal crypto by swapping wallet addresses and intercepting transactions.
According to several reports on Monday, hackers broke into the node package manager (NPM) account of a well-known developer and secretly added malware to popular JavaScript libraries used by millions of apps.
The malicious code swaps or hijacks crypto wallet addresses, potentially putting many projects at risk.
“There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised," Ledger Chief Technology Officer Charles Guillemet warned on Monday. “The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.”
According to a X post by DefiLlama founder Oxngmi, the malicious code doesn’t automatically drain wallets — users would still have to approve a bad transaction.
Since the hacked JavaScript package can alter what happens when you click a button, hitting the “swap” button on an affected site could swap out the transaction details and send funds to the hacker instead.
He added that only projects that updated after the compromised package was published are at risk, and many developers “pin” their dependencies so they keep using older, safe versions.
Still, because users can’t easily tell which sites were updated safely, it’s best to avoid using crypto websites until the affected packages are cleaned up.
Nasdaq asks SEC for rule change to trade tokenized stocks
Nasdaq, the world’s second-largest stock exchange by market capitalization, is seeking regulatory approval from the US securities regulator to list tokenized stocks.
Nasdaq filed a request Monday with the SEC asking for a rule change that would allow the company to list tokenized stocks.
The exchange operator specifically asked to amend certain rules, including the definition of a security, to trade tokenized stocks under the same execution and documentation rules as traditional securities, provided the tokenized versions are deemed equivalent.
According to a report by Bloomberg, Nasdaq’s request with the SEC would go beyond a technical rule change as it relates to the foundations of how stocks are issued and settled.
One of the changes sought by Nasdaq is that tokenized assets should be clearly labeled to ensure that all participants, including those responsible for clearing and settlement, like the Depository Trust Company, properly process these trades.
“A security may be traded in the Nasdaq Market Center in either traditional form (a digital representation of ownership and rights, but without utilizing distributed ledger (‘blockchain’ technology)) or tokenized form (a digital representation of ownership and rights which utilizes blockchain technology,” the company stated in the filing.
Ethereum added $5 billion of stablecoins last week
Ethereum added around $5 billion in new stablecoins over the past week, pushing the total supply of stablecoins on the network to an all-time high.
The stablecoin supply on Ethereum has more than doubled since January 2024 and has reached an all-time high of $165 billion, reported Token Terminal on Sunday.
Figures vary slightly depending on the data provider, as RWA.xyz reports a total of $158.5 billion in Ethereum-based stablecoins, which is also an all-time high, giving the network a commanding market share of 57%.
Ethereum has been the network of choice for stablecoins. Its next closest competitor, Tron, has a market share of 27% and Solana, in third place, has less than 4%.
