Supply chain attacks affect PyPI/npm/crates.io, with over 34 malicious packages targeting cryptocurrency and AI developers
By: rootdata|2026/05/26 04:45:01
0
Share
According to Slow Fog's disclosure, the security agency MistEye detected a cross-registry supply chain attack incident, where attackers targeted developers in the fields of cryptocurrency, DeFi, Solana, Sui/Move, and AI by publishing malicious packages on npm, PyPI, and crates.io. This attack activity includes more than 34 malicious packages and over 384 related versions. The attackers may steal cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developers' confidential information.
Some of the malicious payloads also attempted to achieve persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH. Developers are advised to immediately remove the affected packages, isolate the affected systems, retain logs, rotate exposed credentials, rebuild CI environments and developer machines from clean images, and review GitHub, cloud services, SSH, and wallet activity logs.
You may also like
Ten Thousand Characters Breakdown of On-Chain Vaults: Eight Major Tracks, Who is Rising and Who is Declining?
On one side is the collective withdrawal of lending and collateral-type vaults, while on the other side is the counter-trend growth of RWA and curation vaults. On-chain vaults are no longer a single market, but rather eight increasingly differentiated tracks. This ten-thousand-word research report t...
Hash Global Founder: Why I Also Chose to Liquidate All My ETH?
The regulatory clarity brought by the CLARITY Act can indeed fix the compliance discount of ETH, but this does not equate to granting it a currency premium similar to gold or BTC. The core positioning of ETH remains as on-chain financial infrastructure, and its long-term valuation should return to f...
Morning News | Coinbase partners with Standard Chartered Bank to expand multi-currency fiat channels; Sharplink and Forward will be included in the Russell Index; JPMorgan may issue stablecoins in the future
Overview of Important Market Events on May 27
Morning News | Hyperliquid launches off-chain event prediction market contracts; Strategy completes $1.5 billion debt buyback; Kelp DAO announces rsETH has fully recovered
Overview of Important Market Events on May 26
Bankless Founder: Why I Sold All My ETH
We have come a long way, and Ethereum has already achieved its deserved maximum potential market value.
Senior Public Company Financial Audit: Taking Hashkey as an Example, Discussing Which Account to Include for Exchange Issued Platform Tokens?
In-depth analysis of Hashkey's IPO financial report: the platform token HSK is cleverly classified by the official as "contract liabilities" to smooth profits, and the expectation of up to 95% "dead coins" reveals a significant misalignment between the company's compliance logic and investors' specu...
How did Micron win a trillion-dollar market value while Samsung relies on technology cycles and Hynix relies on HBM?
Chip giant Micron Technology's total market value has surpassed $100 billion. It has navigated multiple rounds of industry reshuffling by controlling manufacturing costs and is currently facing a new cycle of competition in the high-end HBM segment, mid-to-low-end market competition, and adjustments...
Dialogue with AEON co-founder Leo: The real bottleneck of the Agentic Economy is not the model, but the settlement
Committed to becoming the "Stripe" of the AI payment era.
2 years, 225 times the return? Unveiling the mysterious researcher Serenity's AI "bottleneck" investment technique
Former WSB trader Serenity has achieved a staggering 225 times return on the X platform over two years, with their original "supply chain bottleneck" theory and several classic micro-cap reverse sniper case studies attracting strong market attention.
B.AI partners with BNB Chain to launch the "Billion AI Token Subsidy" celebration, fully igniting the on-chain intelligent agent ecosystem
B.AI partners with BNB Chain to launch a hundred billion points subsidy program, with an additional special incentive of 8,000 USDT in the total prize pool, helping Web3 players access top large models with zero barriers and experience a full-stack AI financial foundation.
The trillion-dollar frenzy of selling memory, profits from buying memory are halved
The demand for computing power and storage by AI may indeed be structural, and LTA may have truly rewritten the industry rules; a trillion-dollar market value may just be the starting point.
Who can make money in the era of Agents?
The next billion users will be Agents, but the crypto world has not yet found their wallets.
From brokerages to banks, Hong Kong intensifies efforts to clean up cross-border investment account openings
Where there is a large market demand, there will be opportunities in Hong Kong.
DeFi has reached its most dangerous moment: the real vulnerabilities are not in the code
April 2026 is not just a security crisis; it is the moment when the industry's mental model completely collapses, and it is also the moment when the protocols that can survive are distinguished from those that cannot.
Morning Report | Binance launches DYOR research tool; YZi Labs launches recruitment platform YZi Talent; Vitalik states that the Ethereum Foundation will "downsize" and reduce the amount of ETH sold
Overview of Important Market Events on May 25
Insiders betting on Musk are reaping "historic returns."
SpaceX submitted its S-1 prospectus for the largest IPO in history, disclosing details of Class A shareholdings, significant losses in the AI sector, and multiple related party transactions, with an expected listing in mid-June.
Behind NEAR's Doubling: 3 Major Trends Becoming the Engine of Coin Prices
AI + Privacy + Buyback.
Visa and Stripe are both working on stablecoins, but their focus is not on payments
Why do businesses still need stablecoins? What problems do stablecoins actually solve?
Ten Thousand Characters Breakdown of On-Chain Vaults: Eight Major Tracks, Who is Rising and Who is Declining?
On one side is the collective withdrawal of lending and collateral-type vaults, while on the other side is the counter-trend growth of RWA and curation vaults. On-chain vaults are no longer a single market, but rather eight increasingly differentiated tracks. This ten-thousand-word research report t...
Hash Global Founder: Why I Also Chose to Liquidate All My ETH?
The regulatory clarity brought by the CLARITY Act can indeed fix the compliance discount of ETH, but this does not equate to granting it a currency premium similar to gold or BTC. The core positioning of ETH remains as on-chain financial infrastructure, and its long-term valuation should return to f...
Morning News | Coinbase partners with Standard Chartered Bank to expand multi-currency fiat channels; Sharplink and Forward will be included in the Russell Index; JPMorgan may issue stablecoins in the future
Overview of Important Market Events on May 27
Morning News | Hyperliquid launches off-chain event prediction market contracts; Strategy completes $1.5 billion debt buyback; Kelp DAO announces rsETH has fully recovered
Overview of Important Market Events on May 26
Bankless Founder: Why I Sold All My ETH
We have come a long way, and Ethereum has already achieved its deserved maximum potential market value.
Senior Public Company Financial Audit: Taking Hashkey as an Example, Discussing Which Account to Include for Exchange Issued Platform Tokens?
In-depth analysis of Hashkey's IPO financial report: the platform token HSK is cleverly classified by the official as "contract liabilities" to smooth profits, and the expectation of up to 95% "dead coins" reveals a significant misalignment between the company's compliance logic and investors' specu...
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
