--
[SlowMist Alert: NPM Supply Chain Poisoning Attack Threatens DApp Users' Asset Security] SlowMist Technology's Chief Information Security Officer, 23pds, posted on the X platform, pointing out that recently attackers have been exploiting NPM supply chain poisoning by replacing SVG files referenced by decentralized platforms with versions embedded with malicious scripts. These malicious SVG files use cross-site scripting (XSS) attacks to generate pop-ups, luring DApp users into signing operations, thereby stealing user assets. SlowMist advises developers and users to strengthen security measures to prevent asset losses caused by supply chain vulnerabilities.