Attackers hijacked popular NPM packages to replace crypto wallet addresses

Big discussion yesterday (1280 points, 703 comments) https://news.ycombinator.com/item?id=45169657

On September 8, 2025, NPM reported that several libraries were compromised in a user-side man-in-the-middle attack. This research dives into the details about how the attack works.