Three Major Crypto Attacks in 24 Hours: Fake Apps, $14.2M SOL Theft, npm Breach

Three Major Crypto Attacks in 24 Hours: Fake Apps, $14.2M SOL Theft, npm Breach

First seen 13 Jul 2026, 21:12 UTC KucoinCryptonews 98% similarity 71.0

Article Content

Browse articles
ThreatCluster

In a span of 24 hours, three significant cryptocurrency-related attacks were reported. Fraudsters impersonated SecondFi, creating fake browser extensions and applications aimed at stealing cryptocurrency from users. SecondFi confirmed that it would never request users to download software or click links through direct messages. A separate incident involved the compromise of a Solana whale wallet, resulting in the theft of 180,900 SOL, valued at $14.2 million. The attacker exploited unusual unstaking activity before transferring the stolen assets to new Solana addresses and bridging them to Ethereum to obscure the transaction trail. Additionally, the jscrambler npm package suffered a supply chain attack, where malicious code was introduced into several versions of the package due to stolen npm publishing credentials. Developers were urged to update to version 8.22.0 to mitigate the threat.

Key Points: • Fraudsters created fake apps impersonating SecondFi to steal cryptocurrency. • A Solana whale wallet was compromised, leading to a theft of 180,900 SOL worth $14.2 million. • The jscrambler npm package was attacked, distributing malware through compromised releases.

ThreatCluster AI

Timeline

2026-07-12
Fake apps impersonating SecondFi reported
Fraudsters developed phony browser extensions aimed at stealing cryptocurrency from users of SecondFi.
Kucoin
2026-07-12
$14.2M SOL theft confirmed
Blockchain investigator ZachXBT reported the theft of 180,900 SOL from a compromised whale wallet.
Kucoin
2026-07-12
jscrambler npm package supply chain attack
Malicious code was introduced into several versions of the jscrambler npm package due to stolen credentials.
Kucoin
2026-07-13
SecondFi issues warning
SecondFi clarified that it will never ask users to download software or click links in messages.
Cryptonews

Community

Browse all →