Wu said that crypto researcher @LehmannLorenz tweeted that his computer was almost hacked by a malicious code extension. The extension was released by an unverified developer, but received 1.7 million downloads and a perfect rating in one day. The malicious code downloaded and executed a file from a Russian server through an obfuscated JavaScript file, using PowerShell for a fileless attack. This type of attack leaves no trace on the hard drive and is difficult to detect. SlowMist Yuxian responded that this was a supply chain net attack on Solidity smart contract developers. The editor environment is a high-risk area for supply chain attacks. I have always tried to isolate what I can use, and try not to install what I can avoid, to ensure the principle of "enough is enough". All the fancy things are thrown into independent computers or virtual machines.