Malicious npm Package Caught Hijacking ERC20 Contracts to Drain USDT

On 26 March 2024, Phylum’s automated risk detection platform flagged a suspicious publication to npm called vue2util. It bills itself as, and upon first glance appears to be, a simple collection of utility functions for various purposes such as working with objects, arrays, strings, and files. However, hidden

automated bills called caught collection contracts detection erc20 files flagged functions hidden hijacking malicious malicious npm march npm npm package package phylum platform research risk simple strings usdt utility working