(www.aikido.dev)

1369 points universesquid | 2 comments | 08 Sep 25 15:37 UTC | HN request time: 0.465s | source

https://github.com/advisories/GHSA-8mgj-vmr8-frr6

1. dafelst ◴[08 Sep 25 19:07 UTC] No.45172480[source]▶

I'm curious if anyone is tracking transactions against the wallet addresses in the malicious code - I assume that is essentially the attackers' return on investment here.

replies(1): >>45172709 #

2. eiiot ◴[08 Sep 25 19:23 UTC] No.45172709[source]▶

>>45172480 (TP) #

Just ran a script to do this – doesn't seem like there's much going in, other than one test transaction.

↑

NPM debug and chalk packages compromised