Big warning: a huge NPM supply-chain hack is live. Some web apps pulled bad scripts. The code runs in your browser. It watches your crypto transfers and swaps the address to the attacker’s. This hits ETH, BTC, SOL, TRX, LTC, and BCH. It’s dangerous because it works at many layers - it can change what you see, mess with API calls, and trick apps about what you’re signing. If you use a hardware wallet, slow down. Read the device screen for chain, amount, and the full address. Only then press confirm. No hardware wallet? Best move is to pause on-chain transactions for now - that’s what Ledger’s CTO advises. Be extra careful. Use only apps you really trust. Turn off browser extensions. Clear cache. Run a malware scan. Revoke risky approvals. Use transaction simulation. Stay safe and share with your friends.