Did the NPM supply chain attack affect Binance's customer data or assets?

The world’s largest crypto exchange by trading volume, Binance, reassured customers on Tuesday that no user data or assets were compromised during one of the largest supply chain attacks ever to hit the JavaScript ￰0￱ to a statement posted on X, Binance stated no harm was done to its database during a breach that targeted widely used ￰1￱ packages involved in over 2 billion weekly app downloads. “We’re aware of the recent supply chain attack, which published malicious versions of several widely used JavaScript packages,” the company wrote. “After investigation, we’ve confirmed we were not impacted and no customer data or assets are at ￰2￱ remains our top priority, this compromise is a reminder of how critical supply chain security ￰3￱ SAFU.” Speaking about the supply chain attack on the social platform, co-founder Changpeng Zhao, also known as CZ, remarked , “Even open-source software is not safe these days.

Web3 will redefine security for ￰4￱ are still early.” Supply chain attack on JavaScript packages scares crypto investors The attack, which security researchers have called one of the largest in NPM’s history, took place on September ￰5￱ compromised the account of a trusted open-source maintainer known by the handle “qix,” also identified as Josh ￰6￱ attackers tricked Junon through a phishing email impersonating official communications from npmjs, the central repository for JavaScript ￰7￱ seen in the fraudulent email, the perpetrators convinced Junon that his account would be locked on September 10, 2025, unless he immediately updated his two-factor authentication credentials.

“As part of our ongoing commitment to account security, we are requesting that all users update their Two-Factor Authentication (2FA) ￰8￱ records indicate it has been over 12 months since your last 2FA update,” the email ￰9￱ malicious email that set off one of the largest NPM attacks in history.