The story is incredible, given that the malicious code wasn't even in the crypto software, but a module of npm. It goes to show the popularity of crypto when hackers are going to obscure lengths to hack it! It's worrying how much software relies on npm.