A large-scale supply-chain attack is unfolding across Web3 tooling and user workflows, driven by address swapping malware that silently alters destination wallets at the moment of transfer. The technique blends clipboard hijacking with transaction-field tampering to reroute funds without tripping basic checks. Quantitatively, the open-source attack surface is skewed toward JavaScript: about 75% of blockchain-related malicious packages appeared on npm over the past year, with roughly 20% on PyPI—an imbalance that magnifies the blast radius when a poisoned dependency spreads through build pipelines [4].
Key Takeaways
– Shows 75% of malicious blockchain packages on npm and 20% on PyPI, confirming multi-ecosystem exposure fueling address swapping supply-chain campaigns.
– Reveals a malicious ‘pdf-to-office’ package, published March 24, 2025, drew 334 downloads before detection, injecting code to swap recipient wallets.
– Demonstrates $1.8M in February and $1.2M in March 2025 losses from address poisoning, highlighting gaps in pre-transaction verification for retail users.
– Indicates attackers now stage malware via Ethereum smart contracts, masking payloads behind on-chain code and fake GitHub bots to evade scans.
– Suggests rapid rollback and audits reduce losses, as a five-hour backdoor window in compromised Solana library versions caused $130,000–$160,000 in theft.
Address swapping supply‑chain attacks are escalating across ecosystems
Address swapping sits at the center of the current wave. Malicious code hidden in popular packages monitors copy-paste behavior and transaction construction, then replaces the intended address with an attacker’s wallet at the last possible moment. The approach exploits developer trust in open-source registries and preys on everyday habits—copying long hex strings, using autocomplete, and reusing recent addresses—to quietly divert value.
The quantitative backdrop is telling. With roughly three-quarters of blockchain-targeted malicious packages landing on npm and one-fifth on PyPI, JavaScript-centric toolchains and CI/CD runners bear disproportionate risk. That concentration ensures a single compromised dependency can cascade through transitive installs, automated bots, and frontend builds before defenders spot unusual egress or clipboard access patterns.
Tactically, address swapping differs from address poisoning. Poisoning seeds a victim’s history with lookalike addresses to induce miscopying later; swapping modifies the destination at build time, runtime, or just before submission. Both exploit UI and human-factor gaps, and both benefit when wallets or dApps don’t enforce pre-transaction verification that highlights inconsistencies in the final “to” field.
Attackers target multiple insertion points. In desktop workflows, clipboard watchers alter copied strings. In dApp flows, injected scripts or malicious packages intercept JSON-RPC calls—such as eth_sendTransaction—mutating the destination before signing. In automation, backdoored libraries alter queued transfers emitted by bots. The common thread is speed: even a small percentage of altered transactions, multiplied across users and bots, funds ongoing campaigns.
How address swapping malware evades detection via smart contracts
Defenders now face a fast evolution in staging tactics. Researchers recently documented adversaries hosting or masking malicious payloads inside Ethereum smart contracts, then instructing compromised packages to fetch and execute those bytes during install or runtime. The on-chain component complicates takedowns, while fake GitHub repos posing as “trading bots” increase trust during package triage; analysts call this a rapid escalation of supply-chain risk and recommend stricter dependency validation [3].
When payloads live on-chain, standard perimeter controls falter. Even if a registry removes the package, the contract persists, and new typosquats can reference the same bytecode. This lengthens campaign dwell time and supports address swapping drainers that cycle identities quickly. For defenders, signals shift from static package analysis to behavioral cues—unexpected contract reads, post-install scripts, clipboard hooks, and outbound connections during builds.
Developer impact: npm dominance, 334‑download package, and Solana backdoor costs
Recent package telemetry shows how quickly a small footprint can matter. On March 24, 2025, a package named “pdf-to-office” was published to npm, updated repeatedly to remain plausible, and downloaded 334 times before analysts confirmed injected logic that swaps recipient wallet addresses during transactions. Maintainers urged developers to verify package authenticity, sandbox untrusted code with tools such as LavaMoat, and patch affected dependencies immediately [1].
The risks are not confined to obscure modules. A prior open-source compromise hit @solana/web3.js, specifically versions 1.95.6 and 1.95.7, which exfiltrated private keys to sol-rpc[.]xyz for about five hours. Researchers estimated theft between $130,000 and $160,000 before maintainers rolled back and urged rapid audits across projects that pinned those versions, including automated bots that sign transactions unattended [5].
These incidents illustrate compounding effects. A few hundred downloads in a popular ecosystem can seed thousands of transitive installations. A five-hour exposure window can translate into six-figure losses when bots, market makers, or high-frequency scripts continue processing withdrawals. In such windows, address swapping drainers need little time to turn subtle code changes into real money.
Victim toll: address swapping and address poisoning losses in 2025
User-side losses underscore the downstream cost. Address poisoning and related address swapping scams siphoned about $1.8 million in February and another $1.2 million in March 2025, according to incident tallies. Security leaders argue that many of these thefts could be prevented with pre‑transaction verification that compares intended and actual recipients before execution, particularly in retail-facing interfaces [2].
Design matters here. Wallets and exchanges that show the first and last characters of the resolved address—and require explicit confirmation when the destination differs from recent patterns—raise the friction for drainers. Absent these checks, clipboard hijacks and UI-level swaps remain profitable, especially when attackers ride supply-chain channels to reach both developers and end users at scale.
What stops address swapping drainers: layered controls that scale
Mitigations split across two fronts: secure the build and secure the send. On the build side, pin dependencies with a lockfile and verify their integrity, restrict post-install scripts, and isolate CI runners from secrets. Treat all package pulls as untrusted content; scan for clipboard access and string-replacement hooks, and monitor for unusual network calls during installation and tests. Sandboxing with strict policy confines the blast radius if a rogue dependency lands.
Operational hardening reduces stealth. Mirror critical libraries internally, pin content-addressed hashes, and record provenance so changes trip alarms. Block outbound egress from builders by default, preventing packages from fetching on-chain payloads at compile time. For Web3 apps, harden RPC endpoints, store keys in dedicated modules, and alert on processes that read the clipboard or modify 0x‑prefixed strings in memory.
On the transaction edge, pre‑submission checks provide quick wins. Wallets should compare the final “to” field against the user’s intended address, highlight mismatches, and warn if the field matches a recent clipboard entry with minor edits. Exchanges can slow or review withdrawals to first‑seen addresses, display human‑readable names where possible, and surface risk scores when address patterns resemble known drainer infrastructure.
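The pre-submission recipient check described here, together with the wallet-design point earlier about displayed prefix and suffix characters, as an added example that is not code from the article or any wallet: verifyRecipient() compares the intended and final addresses, flags lookalikes that share the displayed prefix and suffix, checks recent clipboard entries for near-copies, and requires explicit confirmation on first-seen destinations. It assumes EVM-style 0x addresses; the function names and the shape of the history object are hypothetical.

```javascript
// Added example (not from the article): pre-submission recipient check for
// EVM-style 0x addresses. Function names and the history shape are hypothetical.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

function normalizeAddress(addr) {
  if (typeof addr !== "string" || !ADDRESS_RE.test(addr)) {
    throw new Error(`not a 20-byte 0x address: ${String(addr)}`);
  }
  return addr.toLowerCase();
}

// Lookalike: same leading/trailing characters a wallet UI typically displays,
// different middle. This is the shape both poisoning and swapping rely on.
function looksAlike(a, b, prefixLen = 6, suffixLen = 4) {
  return a !== b &&
    a.slice(0, prefixLen) === b.slice(0, prefixLen) &&
    a.slice(-suffixLen) === b.slice(-suffixLen);
}

// intended: address the user chose; finalTo: the "to" field about to be signed;
// history.clipboard / history.destinations: recent clipboard strings and
// previously used destinations, both supplied by the caller.
// Returns { status, reason }, status "ok" | "mismatch" | "lookalike" | "new-destination".
function verifyRecipient(intended, finalTo, history = {}) {
  const want = normalizeAddress(intended);
  const got = normalizeAddress(finalTo);
  if (want !== got) {
    return looksAlike(want, got)
      ? { status: "lookalike", reason: "destination differs from intent only in the middle characters" }
      : { status: "mismatch", reason: "destination does not match the intended address" };
  }
  // Destination matches intent, but is it a near-copy of a recent clipboard entry?
  const clipHits = (history.clipboard || [])
    .filter((s) => ADDRESS_RE.test(s))
    .map(normalizeAddress)
    .filter((c) => looksAlike(c, got));
  if (clipHits.length > 0) {
    return { status: "lookalike", reason: `near-copy of recent clipboard entry ${clipHits[0]}` };
  }
  const seen = (history.destinations || []).map(normalizeAddress);
  if (!seen.includes(got)) {
    return { status: "new-destination", reason: "first-seen destination; require explicit confirmation" };
  }
  return { status: "ok", reason: "recipient matches intent and prior history" };
}
```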
Risk outlook: campaign cadence, detection gaps, and the next 90 days
Expect bursts of copycats targeting trending frameworks, trading utilities, and AI-adjacent tools that attract rapid downloads. Operators running address swapping drainers monetize immediately, rotate identities aggressively, and prefer many small campaign names to one large, easily blocklisted package—keeping download counts modest but persistent and harder to detect through volume heuristics alone.
Defenders should watch for registry accounts tied to newly minted GitHub repos, packages with frequent minor updates, and post-install code that queries contracts or decodes hex payloads. A realistic 90‑day goal is to reduce exposure windows from hours to minutes through automated rollback, to extend provenance validation across all dependencies, and to elevate pre‑transaction verification to a default in wallets and exchange flows.
Sources:
[1] MetaMask – MetaMask Security Report: April 2025: https://metamask.io/news/metamask-security-report-april-2025
[2] Cointelegraph – Sophisticated crypto address poisoning scams drain $1.2M in March: https://cointelegraph.com/news/address-poisoning-scams-cost-crypto-users-1-2m-march-2025
[3] CoinDesk – Attackers Are Now Using Ether Smart Contracts to Mask Malware: https://www.coindesk.com/markets/2025/09/04/crypto-hackers-are-now-using-ethereum-smart-contracts-to-mask-malware-payloads/
[4] Socket – 2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain: https://socket.dev/blog/2025-blockchain-and-cryptocurrency-threat-report
[5] Infosecurity Magazine – Solana Library Supply Chain Attack Exposes Cryptocurrency Wallets: https://www.infosecurity-magazine.com/news/solana-library-supply-chain-attack/