According to @rovercrc, a compromised NPM account injected malicious code into widely used packages with more than 1 billion cumulative downloads, indicating an active software supply chain attack (source: @rovercrc on X, Sep 9, 2025). The malware reportedly swaps crypto addresses to redirect funds and may also target software wallets, creating direct theft risk during transactions (source: @rovercrc on X, Sep 9, 2025). The source advises hardware wallet users to double-check every transaction before signing and recommends non-hardware wallet users avoid on-chain transactions for now (source: @rovercrc on X, Sep 9, 2025). For traders, this advisory signals heightened operational risk for on-chain executions and wallet interactions until the compromised packages are identified and remediated (source: @rovercrc on X, Sep 9, 2025).