Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised using stolen npm tokens, leading to the publication of malicious versions that installed XMRig cryptocurrency miners on affected systems. The attack, discovered by Sonatype and Socket researchers, deployed the miner to mine Monero while collecting system and location data. Both Rspack and Vant confirmed the breach and released updated, secure versions, advising users to avoid affected versions. This incident is part of a larger trend of supply chain attacks targeting cryptocurrency assets and resources.



‍