The largest NPM supply chain attack in history! Core JS libraries compromised, crypto users' funds may be stolen.
The global JavaScript ecosystem is facing the largest NPM supply chain attack in history. Hackers have breached the Node Package Manager (NPM) account of a well-known developer and injected malicious code into core JavaScript libraries relied upon by millions of applications, directly targeting the wallet funds of crypto asset users.
Attack Details: Core Libraries Infected with a 'Crypto Clipper'
According to multiple security reports, the affected packages include small utilities such as chalk, strip-ansi, and color-convert, which are deeply embedded in the dependency tree of countless projects, with weekly download volumes exceeding 1 billion.
Malicious Function: Silently replaces the crypto wallet address during the transaction process (commonly known as a "crypto clipper").
Potential risk: Users may unknowingly transfer funds to addresses controlled by hackers.
Ledger Chief Technology Officer Charles Guillemet warned: "The entire JavaScript ecosystem may be in danger."
Crypto users become high-risk targets
Security researchers point out that users relying on software wallets face the highest risk, as malicious code can alter transaction details in web pages or applications.
Hardware wallet users are relatively secure because each transaction needs to be confirmed on a physical device.
DefiLlama founder 0xngmi notes that the malicious code will not automatically empty the wallet, but will tamper with the transaction content when users click "swap" or "confirm".
Because users cannot easily tell which websites have updated to secure versions, experts recommend pausing crypto transactions on sites with uncertain security until the affected packages are fully cleared.
Attack Method: Phishing Email to Capture Maintainer Account
Attackers send phishing emails disguised as official NPM support messages to lure maintainers into updating their two-factor authentication on a fake website, thereby stealing login credentials.
Once hackers gain control of the account, they can push malicious updates to packages that have been downloaded billions of times.
Aikido Security researcher Charlie Eriksen stated that the danger of this attack lies in its ability to "simultaneously manipulate the displayed content on websites, API calls, and the transaction data that user applications believe they are signing."
Why is this the "largest supply chain attack in history"?
Wide impact: Affects millions of applications and websites.
High penetration depth: The core libraries sit at the bottom of the dependency chain, so a project may be affected even if it did not install them directly.
Highly targeted: Specifically focused on crypto trading and wallet funds.
This means that the entire chain, from front-end developers to end users, may become a target for attacks.
Conclusion
The recent NPM supply chain attack highlights the vulnerability of the open-source ecosystem and the high risks of the crypto market. For developers, it is essential to immediately check and roll back to a secure version; for crypto users, it is advisable to avoid trading on websites with uncertain security in the short term and to use hardware wallets for asset management whenever possible.
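The developer-side check mentioned in the conclusion, together with the point that these packages can arrive without being installed directly, as an added example that is not part of the original article: it walks the `packages` map of an npm lockfile (v2/v3 layout) and reports every installed copy of the three named packages. The sample lockfile, its version numbers and the `<COMPROMISED_VERSION>` placeholders are constructed, because the article does not list the affected versions.

```javascript
// Packages named in the article. The affected version numbers are not given
// on this page, so each list holds a labelled placeholder to be replaced.
const WATCHLIST = {
  'chalk': ['<COMPROMISED_VERSION>'],
  'strip-ansi': ['<COMPROMISED_VERSION>'],
  'color-convert': ['<COMPROMISED_VERSION>'],
};

// Constructed sample in npm lockfile v3 layout (project layout and versions are made up).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'cli-tool': '^1.0.0' } },
    'node_modules/cli-tool': { version: '1.0.0' },
    'node_modules/chalk': { version: '9.9.9' },
    'node_modules/cli-tool/node_modules/strip-ansi': { version: '8.8.8' },
    'node_modules/@scope/util': { version: '2.0.0' },
  },
};

// Report every installed copy of a watched package, direct or transitive.
function findWatched(lock, watchlist) {
  const packages = lock.packages || {};
  const root = packages[''] || {};
  const direct = new Set(['dependencies', 'devDependencies', 'optionalDependencies']
    .flatMap((field) => Object.keys(root[field] || {})));
  const marker = 'node_modules/';
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const last = path.lastIndexOf(marker);
    if (last === -1) continue; // root project or a local workspace folder
    // The name follows the last marker, which also covers "@scope/name".
    const name = path.slice(last + marker.length);
    if (!Object.prototype.hasOwnProperty.call(watchlist, name)) continue;
    hits.push({
      name,
      version: meta.version,
      path,
      // Top-level and declared by the root project; otherwise pulled in transitively.
      direct: last === 0 && direct.has(name),
      flagged: watchlist[name].includes(meta.version),
    });
  }
  return hits.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

for (const hit of findWatched(SAMPLE_LOCK, WATCHLIST)) {
  console.log(`${hit.name}@${hit.version} ${hit.direct ? 'direct' : 'transitive'} at ${hit.path}`);
}
```

To scan a real project, pass the parsed contents of its `package-lock.json` as the first argument and replace the placeholders with the versions listed in the advisory you are working from.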