BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up
HomeNewsCrypto scams escalate: SecondFi phishing, $14.2M SOL theft, npm attack

Crypto scams escalate: SecondFi phishing, $14.2M SOL theft, npm attack

-

The cryptocurrency ecosystem has experienced multiple security incidents within a 24-hour window, highlighting three distinct attack vectors targeting users, investors, and software developers. Fraudsters impersonated SecondFi through fake browser extensions and applications designed to steal wallet access. An early Solana whale wallet was compromised, resulting in the theft of 180,900 SOL valued at approximately $14.2 million. Meanwhile, a sophisticated software supply chain attack compromised the jscrambler npm package after attackers stole publishing credentials, releasing multiple malicious versions containing information-stealing code.


Crypto scams are becoming increasingly prevalent, drawing widespread attention. More than three breaches occurred in the past 24 hours, with several notable cases.

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading

SecondFi fell victim to a scam where fraudsters impersonated the platform by developing phony browser extensions and applications intended to steal cryptocurrency or access users’ wallets. According to SecondFi, the team clarified that there is no new application or link, it is the same. The team asserted it will never ask users to download software, click links, sign transactions, or transfer assets through direct messages or emails. To prevent phishing scams and money theft, the team advised users to install only the official Chrome extension with a blue verified checkmark and access SecondFi via its official website.

In a second incident, blockchain investigator ZachXBT claims that an early Solana whale wallet was compromised, resulting in the theft of 180,900 SOL worth $14.2 million. On-chain data showed the wallet displayed unusual unstaking activity, indicating the attacker took over staked assets before transferring them to newly created Solana addresses. The stolen assets were later bridged from Solana to Ethereum to obscure transaction trails, and the investigation asserted that some money had already been transferred using Tornado Cash.

Finally, the jscrambler npm package became the target of a software supply chain attack after an attacker allegedly stole login credentials needed to release new versions. An information-stealing payload was included in malicious releases 8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20. These releases ran malicious code on Linux, macOS, or Windows systems, initially distributed through a preinstall script. In versions 8.18.0 and 8.20.0, the attacker incorporated malicious code directly into the package, evading security measures like npm install –ignore-scripts. According to jscrambler, the attack was made possible by compromised npm publishing credentials, and developers were urged to update immediately to version 8.22.0 containing the fix.

Most Popular

Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount