Multiple DuckDB-related npm packages were compromised, including duckdb and its associated modules, which contained malicious code aimed at draining crypto wallets. The attack mirrors previous incidents of phishing in the npm ecosystem, leading to the vendor marking the latest release as deprecated and issuing an advisory on GitHub.