Overview

A developer of core JavaScript libraries distributed through NPM was hacked after falling for a phishing email. The email used a common trick: an urgent warning that the recipient’s account would be locked unless they updated their two-factor authentication using a link that looked legitimate. A low-skill malicious actor then added crypto-stealing code to those libraries.