Home > Quick > Body

Socket: Detected malicious npm package to steal BSC and Ethereum wallet crypto assets

clock
2025-06-03 02:16:24
On June 3, the Socket security research team discovered four malicious npm packages targeting the wallets of users of Binance Smart Chain (BSC) and Ethereum (Ethereum). These packages are pancake_uniswap_validators_utils_snipe (350 downloads), pancakeswap-oracle-prediction (445 downloads), ethereum-smart-contract (305 downloads) and env-process (1,054 downloads), and the cumulative download volume has exceeded 2,100 times.
The attacker uses obfuscated JavaScript code to calculate the percentage of the target wallet balance and attempts to transfer up to 85% of the assets to a wallet address under their control.
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
New Tab Page - Desk3 | Plugin
Stay ahead of the game in the cryptocurrency space.