The Programming Podcast
53 episodes
6 days ago
Leon Noel and Danny Thompson explain technical problems, industry information, career advice and more on The Programming Podcast! Danny Thompson, Director of Technology @ This Dot Labs Leon Noel, Managing Director @ Resilient Coders & 100Devs
Technology
How One Email Nearly Broke the Internet!
The Programming Podcast
53 minutes 29 seconds
2 months ago

One phishy email to an npm maintainer set off a supply-chain scare that could’ve torched the web—yet the real on-chain damage was… cents. In this episode, we break down how a fake npm 2FA reset (from npmjs.help) led to malicious releases of popular packages like chalk and debug, how the payload hijacked browser crypto flows (monkey-patching window.ethereum, fetch, and XHR), why the blast radius stayed small, and what teams did right (shoutout to Aikido & Vercel). We finish with a rapid “Career Corner” on how to follow up after an interview—with copy-ready lines you can use.

SITE: https://www.programmingpodcast.com/

Stay in Touch:
📧 Have ideas or questions for the show? Or are you a business that wants to talk business? Email us at dannyandleonspodcast@gmail.com!

Danny Thompson
https://x.com/DThompsonDev
https://www.linkedin.com/in/DThompsonDev
www.DThompsonDev.com

Leon Noel
https://x.com/leonnoel
https://www.linkedin.com/in/leonnoel/
https://100devs.org/

You’ll learn:
- Spotting modern phishing (look-alike TLDs, urgency cues)
- What the malware did and why front-end focus limited impact
- The minute-by-minute timeline from phish → publish → takedown
- Practical defenses: pin versions, lockfiles, audits, password managers, least-privilege tokens
- How to write a follow-up email that closes

If this helps, hit 👍 and share with a teammate.

Chapters
0:00 – The phish that “almost destroyed the internet” (cold open)
0:24 – Who clicked: maintainer behind big OSS (chalk, debug)
0:44 – Payload in plain English (browser wallet-drainer)
1:04 – Actual impact vs. potential blast radius
1:20 – Intro + what we’ll cover
2:23 – Why this story is everywhere & our plan
3:43 – What you’ll know by the end (safety + lessons)
4:20 – Act 1: The Email — npmjs.help and urgency tactics
6:08 – Phishing 101: quick checks before you click
8:25 – Psychology of scams (filtering + anecdotes)
12:17 – Act 2: The Payload — monkey-patching fetch/XHR/window.ethereum
14:44 – Why front-end focus limited the damage
16:41 – How it was caught (Node fetch ReferenceErrors)
17:52 – Six–eight hours to fix: containment recap
20:04 – Magic links & password managers (practical wins)
22:15 – Act 3: The Timeline — 18 packages, what happened when
23:39 – Minutes matter: publish → detection → takedown
25:12 – Community/GitHub issues light up; npm intervenes
26:48 – Root-cause analysis & related accounts
28:32 – “System worked” takeaways (+ why that’s good)
31:18 – Dev hygiene: pin versions, audits, reduce deps
33:10 – Myths debunked (no, every machine wasn’t “fully owned”)
35:04 – Shout-outs: Aikido, Vercel, others that responded fast
38:22 – Career Corner: following up after interviews (templates)
53:22 – Wrap-up & next steps

Helpful links (add your URLs)
Aikido write-up / detection notes
Vercel incident summary + cache purge notes
npm/GitHub advisories for affected packages
Password manager recommendations / setup guide
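The payload the hosts describe worked by replacing browser globals (window.ethereum, fetch, XHR) with its own wrapper functions. One defender-side check that follows from that is to verify, as early as possible in page load, that those globals are still the engine's built-ins. The code below is an added example written for this page; it is not from the podcast, its hosts, or any of the projects mentioned. It uses the standard Function.prototype.toString heuristic (a built-in stringifies to "{ [native code] }", a script-defined wrapper does not). The demo scope, the wrapper named parse, and the names passed to auditApis are constructed for illustration.

```javascript
// Added example (not from the podcast or its hosts): a tamper check for globals that
// in-page malware is known to wrap, e.g. fetch, XMLHttpRequest.prototype.open and
// window.ethereum.request. Heuristic: a genuine built-in stringifies to
// "function name() { [native code] }"; a JavaScript wrapper installed by a payload does not.

// Capture Function.prototype.toString before any other script runs, so a wrapper that
// also overrides toString (on itself or on the prototype) cannot lie to us later.
const nativeToString = Function.prototype.toString;

function isNativeFunction(fn) {
  if (typeof fn !== 'function') return false;
  // Calling the captured toString ignores any own `toString` property the wrapper defines.
  return /\{\s*\[native code\]\s*\}\s*$/.test(nativeToString.call(fn));
}

// Resolve a dotted path such as "XMLHttpRequest.prototype.open" against a scope object.
function resolvePath(scope, path) {
  return path.split('.').reduce((obj, key) => (obj == null ? undefined : obj[key]), scope);
}

// Audit dotted names on a scope (window in a browser). One record per name:
// 'native' (unmodified built-in), 'patched' (replaced by script-defined code) or 'absent'.
function auditApis(scope, names) {
  return names.map((name) => {
    const fn = resolvePath(scope, name);
    const status = fn === undefined ? 'absent' : (isNativeFunction(fn) ? 'native' : 'patched');
    return { name, status };
  });
}

// Constructed demonstration scope standing in for `window`. Node's own fetch is written in
// JavaScript (it would read as 'patched' here), so the demo uses built-ins that are native in
// every engine plus a harmless wrapper that forwards to the original, the shape a hook takes.
function buildDemoScope() {
  const realParse = JSON.parse;
  const wrappedParse = function parse(...args) {
    // A hook would inspect or rewrite args/result here; this wrapper only forwards.
    return realParse.apply(this, args);
  };
  // The wrapper tries to disguise itself by faking its own toString; the audit is not fooled.
  wrappedParse.toString = () => 'function parse() { [native code] }';
  return {
    JSON: { parse: wrappedParse, stringify: JSON.stringify },
    Math: { max: Math.max },
  };
}

function runDemo() {
  // 'ethereum.request' is absent from the constructed scope, mirroring a page with no wallet.
  return auditApis(buildDemoScope(), ['JSON.parse', 'JSON.stringify', 'Math.max', 'ethereum.request']);
}

console.table(runDemo());
```

Two caveats for anyone adopting this: a bound built-in (fetch.bind(window)) also stringifies to "[native code]", and a payload that replaces Function.prototype.toString before this script captures it defeats the check entirely. Treat a 'patched' result as one signal to log or alert on, not as proof, and pair it with the lockfile, pinning and token hygiene the episode recommends.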
