Open Source · 2025-09-09 · 0 days · Financial Exploitation

DuckDB npm account published wallet drainer

Part of the Qix phishing shipped wallet drainers campaign

The duckdb_admin npm account was compromised via a phishing email linking to a cloned npmjs site, allowing attackers to bypass 2FA and inject a new API token.

Story

On September 9, 2025, one day after the Qix npm-account phishing wave (see [[qix-npm-account]]) took out debug and chalk, the attackers reached the publishing account for DuckDB's npm bindings and pushed a malicious release of duckdb@1.3.3 along with three companion @duckdb/* packages. According to JFrog's follow-up analysis, the same cloned npm login page that captured Josh Junon's credentials also took the duckdb_admin account, allowing the attacker to bypass two-factor authentication and issue a fresh API token.

DuckDB is a fast, in-process analytical database often described as "SQLite for analytics." Its Node.js bindings give JavaScript developers direct access to the engine without a separate server process. The affected version sat on npm for only a short window before maintainers yanked it; JFrog reported that just five downloads of the compromised duckdb@1.3.3 had occurred before removal.

The injected code was the same browser-side cryptocurrency drainer that ran in the earlier wave. JFrog's analysis described heavy JavaScript obfuscation, hooks into Web3 wallet interfaces and XMLHttpRequest, and transaction-rewriting logic that targeted multiple chains and replaced destination addresses before a user signed.

DuckDB is tracked as a separate attack record because its maintainer and artifact scope are independent of the Qix utility packages, but it sits under the same qix-npm-phishing-2025 campaign on the strength of the shared phishing infrastructure, the same-day timing, the identical payload family, and JFrog's direct attribution.
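
A lockfile check for the release named above, as an added example that is not part of the original record or of JFrog's analysis: it flags duckdb@1.3.3 in npm lockfile data (nested v1 and flat v2/v3 layouts) and lists any @duckdb/* entries for manual review, since the record does not name the companion packages or their versions. The function names and the sample lockfiles, including the placeholder package names, are constructed for illustration.

```javascript
const COMPROMISED = { name: "duckdb", version: "1.3.3" }; // from the record above
const COMPANION_SCOPE = "@duckdb/"; // record gives no names or versions for these

// "node_modules/a/node_modules/@duckdb/x" -> "@duckdb/x"
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

// lockfileVersion 1: nested "dependencies" tree
function* walkV1(deps, trail) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const where = trail ? `${trail} > ${name}` : name;
    yield { name, version: meta.version, where };
    yield* walkV1(meta.dependencies, where);
  }
}

// lockfileVersion 2/3: flat "packages" map keyed by install path
function* entries(lock) {
  if (!lock.packages) return yield* walkV1(lock.dependencies, "");
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry
    yield { name: meta.name || nameFromPath(path), version: meta.version, where: path };
  }
}

function scanLock(lock) {
  const result = { compromised: [], review: [] };
  for (const e of entries(lock)) {
    if (e.name === COMPROMISED.name && e.version === COMPROMISED.version) {
      result.compromised.push(e.where);
    } else if (e.name.startsWith(COMPANION_SCOPE)) {
      result.review.push(`${e.where}@${e.version}`); // needs a manual check
    }
  }
  return result;
}

// Constructed sample lockfiles; names other than duckdb are placeholders.
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "0.0.1" },
  "node_modules/duckdb": { version: "1.3.2" },
  "node_modules/report-tool/node_modules/duckdb": { version: "1.3.3" },
  "node_modules/@duckdb/example-pkg": { version: "0.0.0" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "report-tool": { version: "2.0.0", dependencies: { duckdb: { version: "1.3.3" } } },
} };
console.log(scanLock(sampleV3), scanLock(sampleV1));
```

To check a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `scanLock`.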

Affected Artifacts

Incident Context

Motive: Financial Gain
Attribution: Group
Cause: Social Engineering
Transitive: No
Actor: Third Party
User Impact: 5

External References

Source record: oss/attacks/duckdb/meta.yaml