On June 3, the Socket security research team discovered four malicious npm packages targeting the wallets of users of Binance Smart Chain (BSC) and Ethereum (Ethereum). These packages are pancake_uniswap_validators_utils_snipe (350 downloads), pancakeswap-oracle-prediction (445 downloads), ethereum-smart-contract (305 downloads) and env-process (1,054 downloads), and the cumulative download volume has exceeded 2,100 times.
The attacker uses obfuscated JavaScript code to calculate the percentage of the target wallet balance and attempts to transfer up to 85% of the assets to a wallet address under their control.
Socket: Detected malicious npm package to steal BSC and Ethereum wallet crypto assets
2025-06-03 02:16:24
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
Socket:监测到恶意 npm 包,窃取 BSC 和 Ethereum 钱包加密资产Next article:
Aptos Labs首席执行官Avery Ching将于明日在美国国会作证