Coordinated Malicious npm Supply Chain Campaign Targets DeFi Developers and Trading Bot Users, SlowMist Says

2026-07-01 09:03:49
SlowMist said its MistEye system detected a coordinated malicious npm supply chain campaign that used fake trading-bot repositories and DeFi-themed npm packages to distribute a JavaScript information-stealing tool to npm users, DeFi developers, and trading-bot users. According to Foresight News, the activity involved 30 malicious npm packages, including [email protected], which appeared as a locked dependency in the repository donoaccestag/forex-mt5-trading-bot.

SlowMist said the repository showed clear abnormal signals, including reliance on malicious npm packages that had already been reported by security researchers. It also flagged about 2,300 highly similar forks that may have been generated in bulk, mainly concentrated under the poly-stocks account.

The attacker's actions may include stealing sensitive local data such as cryptocurrency wallets, browser cookies, saved passwords, browsing history, developer credentials, shell history, password manager vaults, private keys, seed phrases, and API tokens found in source code.

SlowMist advised developers to immediately remove the affected npm packages and audit package.json, package-lock.json, and CI logs to identify the 30 malicious packages. It also recommended treating any system that has run npm install as potentially compromised, promptly rotating exposed wallets, private keys, npm tokens, cloud credentials, SSH keys, and API tokens, and rebuilding affected environments from clean images.
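
The lockfile audit recommended above, as an added example that is not from SlowMist or the original article: it walks a parsed package-lock.json in both the nested v1 layout and the flat v2/v3 `packages` layout and reports denylisted packages, including transitive ones. The denylist names and the sample lockfile are constructed placeholders, because the article does not list the 30 packages.

```javascript
// Denylist entries: "name" matches any version, "name@1.2.3" matches one version.
// Constructed placeholders; replace with the package names from the advisory.
const DENYLIST = ['example-malicious-pkg', '@example-scope/defi-helper@2.0.1'];

function auditLockfile(lock, entries = DENYLIST) {
  const deny = new Set(entries);
  const hits = [];
  const check = (name, version, where) => {
    if (deny.has(name) || deny.has(`${name}@${version}`)) hits.push({ name, version, where });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path, transitive deps included
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // root project entry
      const i = path.lastIndexOf('node_modules/');
      // Aliased installs record the real package name in meta.name
      const name = meta.name || (i < 0 ? path : path.slice(i + 'node_modules/'.length));
      check(name, meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, walked recursively
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = trail ? `${trail} > ${name}` : name;
        check(name, meta.version, where);
        walk(meta.dependencies, where);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (v3 layout) with one transitive and one direct hit
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'trading-bot-demo', version: '1.0.0' },
    'node_modules/benign-lib': { version: '1.3.0' },
    'node_modules/benign-lib/node_modules/example-malicious-pkg': { version: '0.4.2' },
    'node_modules/@example-scope/defi-helper': { version: '2.0.1' },
  },
};

console.log(auditLockfile(SAMPLE_V3));
```

To audit a real project, pass the result of `JSON.parse` on the contents of package-lock.json together with the package names from the advisory; a hit means the host that ran `npm install` should be handled as described above.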