Time: 01:20
SlowMist: Attackers use NPM poisoning to inject malicious SVG and trick DApp users into signing through XSS pop-ups to steal coins
September 17, 2025
CoinFeed News
SlowMist Technology's Chief Information Security Officer, 23pds, posted on the X platform that attackers recently poisoned the NPM supply chain, replacing the SVG referenced by the decentralized platform with a file that embeds a malicious script. They then exploited the resulting XSS pop-up window in the SVG to trick DApp users into signing, and stole their assets. Please pay attention to security.
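
A defensive check for the kind of SVG described above, as an added example that is not from SlowMist or the original post: it flags script elements, event-handler attributes, `javascript:` links and `foreignObject` in SVG markup so an asset pulled from an npm dependency can be reviewed before it is served. The function names, rule names and sample strings are constructed for illustration.

```javascript
// Added example: heuristic scan of SVG markup for active content.
// Rule names and the SAMPLES below are constructed, not taken from the incident.

// Decode numeric character references so "java&#115;cript:" is seen as "javascript:".
function decodeNumericEntities(text) {
  return text.replace(/&#(x[0-9a-f]+|\d+);?/gi, (match, n) => {
    const cp = /^x/i.test(n) ? parseInt(n.slice(1), 16) : parseInt(n, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
  });
}

// Returns the names of the rules that matched, in a fixed order.
function scanSvg(svgText) {
  const decoded = decodeNumericEntities(svgText);
  // Browsers ignore tab/CR/LF inside URLs, so strip them before the URI check.
  const noCtl = decoded.replace(/[\t\r\n]/g, "");
  const findings = [];
  // <script> or a namespaced variant such as <svg:script>
  if (/<\s*(?:[\w-]+:)?script[\s>\/]/i.test(decoded)) findings.push("script-element");
  // Any on* attribute inside a tag (onload, onclick, ...)
  if (/<[^>]*[\s\/]on[a-z]+\s*=/i.test(decoded)) findings.push("event-handler");
  // href / xlink:href / src pointing at a javascript: URI
  if (/(?:href|src)\s*=\s*["']?\s*javascript:/i.test(noCtl)) findings.push("javascript-uri");
  // foreignObject can carry arbitrary HTML into the SVG
  if (/<\s*(?:[\w-]+:)?foreignObject\b/i.test(decoded)) findings.push("foreign-object");
  return findings;
}

// Constructed sample inputs with inert bodies.
const NS = 'xmlns="http://www.w3.org/2000/svg"';
const SAMPLES = {
  clean: `<svg ${NS}><circle cx="5" cy="5" r="4"/></svg>`,
  scripted: `<svg ${NS}><script>/* constructed placeholder */</script></svg>`,
  handler: `<svg ${NS} onload="void 0"><rect width="1" height="1"/></svg>`,
  encodedLink: `<svg ${NS}><a href="java&#115;cript:void(0)"><text>x</text></a></svg>`,
};

for (const [name, svg] of Object.entries(SAMPLES)) {
  const hits = scanSvg(svg);
  console.log(name, hits.length ? `REVIEW: ${hits.join(", ")}` : "no active content found");
}
```

A regex scan is a triage aid rather than a sanitizer: a file that passes can still be unsafe, and an SVG referenced through `<img>` does not run its scripts, while one inlined or loaded as a document does.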