A significant supply chain attack has struck the decentralized finance (DeFi) sector, raising alarms about potential vulnerabilities in crypto wallets. Hackers reportedly poisoned JavaScript packages, infusing them with crypto-stealing malware that, collectively, had been downloaded over 2.6 billion times in a single week. The incident has prompted rapid responses from DeFi protocols and wallet providers who are working to reassure users of their safety.
This alarming development is emblematic of the broader issues facing DeFi, a $204 billion ecosystem that now finds itself exposed to unforeseen points of failure. Cybercriminal behavior in the crypto space has escalated sharply in 2025, with hackers reportedly stealing $2.2 billion from various protocols—a staggering 77% increase from the total stolen throughout 2024, according to DefiLlama.
Despite the scale of the attack, the actual financial loss has been minimal so far. An Ethereum address connected to the hackers has reportedly received only about $500 in stolen crypto, according to Arkham Intelligence. This contrasts sharply with the more impactful thefts seen in previous breaches, such as the $1.4 billion stolen from the Bybit exchange earlier this year by suspected North Korean hackers.
The breach stemmed from a phishing attack on a developer responsible for over a dozen widely-used JavaScript packages crucial to DeFi functionality. While the compromises did not result in any critical system failures, they caused significant concern among users. The hackers exploited the compromised packages, inserting malicious code designed to intercept and redirect crypto transaction flows into their own wallets as users initiated transfers.
Security experts caution that the potential risk is primarily for individuals accessing compromised applications through the web. As a precaution, users are advised to refrain from completing any transactions until DeFi protocols and wallet providers have confirmed the situation is resolved. Although the attack has drawn comparisons to previous high-profile breaches, the community’s response is primarily focused on ensuring that further damage is averted.
The incident serves as a stark reminder of the fragility that can exist even in systems designed for decentralization. While blockchain technology is celebrated for its resilience against central points of failure, such attacks reveal vulnerabilities that lie beyond the control of developers. The ongoing cleanup in the wake of the attack is expected to consume thousands of hours of engineering and security teams’ time globally, illustrating the significant impact that such threats can have.
In other developments related to DeFi governance this week, a vote is underway within the Ethereum Name Service (ENS) community regarding the adoption of the Security Alliance’s Safe Harbor Agreement. Additionally, Gauntlet has proposed renewing its partnership with Compound, while Lisk DAO has voted to deploy liquidity to Aerodrome using Arrakis.
Furthermore, amid rising concerns, discussions have erupted in the crypto community regarding the security implications of coding practices employed by exchanges. A recent revelation that approximately half of Coinbase’s code is written using artificial intelligence has drawn criticism from users, especially in light of a recent security incident where hackers compromised data belonging to nearly 70,000 users.
