Posted on September 11, 2025
Written by Andrew Trexler
Attackers recently launched a phishing attack that deployed malware designed to steal cryptocurrency across multiple blockchains, ensnaring a developer of multiple popular NPM packages. The attackers leveraged their new access to add code to target crypto transactions in attempts to steal funds, but swift reporting by the developer minimized the overall impact.
There are two great reminders to come from this story:
- First, the human element still remains as one of the weakest links in the security chain. As users we need to be constantly on the lookout.
- Second, quick reporting can limit the impact of malicious attacks. The victim in this case responded quickly, reporting the incident and alerting users to the attack. This significantly reduced the impact, and the response should be applauded.
After performing many phishing assessments, I encourage people and organizations to take this to heart. We should all be vigilant to not be tricked by a phish, but modern phishing is very realistic. Quick reporting of any suspicions allows tech teams to take fast action to limit damage.
Andrew Trexler
Andrew graduated from the University of Pittsburgh with a degree in Information Science where he focused on networking and security. He continued his education by obtaining the Offensive Security Certified Professional (OSCP) and the eLearnSecurity Junior Penetration Tester (eJPT) certifications. When not participating in capture the flag events, Andrew works as a pyrotechnic operator setting up and shooting firework shows in the Pittsburgh area.
Search The Exploit Blog
Blog Categories
- AI
- Careers
- Choosing a Penetration Testing Company
- Exploits
- How To
- In The News
- Injection Attacks
- Just For Fun
- Meet Our Team
- Mobile Apps
- Networks
- Password Cracking
- Patching
- Penetration Testing
- Phishing
- PTaaS
- Raxis In The Community
- Red Team
- Security Recommendations
- Social Engineering
- Tips For Everyone
- Web Apps
- What People Are Saying
- Wireless
