SlowMist has detected a malicious supply chain attack targeting npm users and DeFi developers.

CoinWorld News: SlowMist has detected malicious supply chain activity targeting npm users and DeFi developers. The activity uses fake trading bot code repositories and DeFi-themed npm packages to distribute JavaScript information stealers to npm users, DeFi developers, and trading bot users. It involves 30 malicious npm packages, with approximately 2,300 highly homogeneous forks under the poly-stocks account. The attackers steal sensitive data such as crypto wallets, browser cookies, passwords, developer credentials, private keys, seed phrases, and API tokens. Developers should immediately remove the affected npm packages; audit package.json / package-lock.json and CI logs; replace exposed wallets, private keys, npm tokens, cloud credentials, SSH keys, and API tokens; and rebuild the environment from a clean image.
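
One way to carry out the package-lock.json audit recommended above, as an added example (not SlowMist's or npm's own tooling): it checks both lockfile layouts for direct, transitive and aliased installs of denylisted names. The page does not list the 30 packages, so the names in `DENYLIST` and the sample lockfiles are constructed placeholders.

```javascript
// Added example: DENYLIST holds constructed placeholder names, not real
// indicators; fill it with the package names from the advisory.
const DENYLIST = new Set(["example-defi-bot-sdk", "@example-scope/swap-helper"]);

// v2/v3 "packages" key -> package name, e.g.
// "node_modules/a/node_modules/@s/b" -> "@s/b"; an explicit "name" (alias) wins.
function nameFromPath(path, entry) {
  if (entry.name) return entry.name;
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

// Returns [{name, version, where}] for every direct or transitive hit.
function auditLock(lock, denylist = DENYLIST) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path ("" = root).
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path === "" ? null : nameFromPath(path, entry);
    if (name && denylist.has(name)) hits.push({ name, version: entry.version, where: path });
  }
  // lockfileVersion 1: nested "dependencies"; skipped when "packages" exists
  // because v2 files mirror the same tree there.
  const walk = (deps, trail) => {
    for (const [key, entry] of Object.entries(deps || {})) {
      // version "npm:real-name@1.2.3" marks an alias; audit the real name.
      const m = /^npm:(.+)@[^@]+$/.exec(entry.version || "");
      const name = m ? m[1] : key;
      const where = [...trail, key].join(" > ");
      if (denylist.has(name)) hits.push({ name, version: entry.version, where });
      walk(entry.dependencies, [...trail, key]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (v3 and v1), not taken from the incident.
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "my-app", version: "1.0.0" },
  "node_modules/left-pad": { version: "1.3.0" },
  "node_modules/bot/node_modules/@example-scope/swap-helper": { version: "0.0.2" },
  "node_modules/utils": { name: "example-defi-bot-sdk", version: "2.1.0" },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  bot: { version: "1.0.0", dependencies: {
    helper: { version: "npm:example-defi-bot-sdk@2.1.0" } } },
} };
console.log(auditLock(SAMPLE_V3), auditLock(SAMPLE_V1));
```

On a real project, pass the parsed contents of `package-lock.json` to `auditLock`. A hit in any lockfile that CI has ever installed from means the secrets reachable from that environment should be treated as exposed.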
Don’tRushToDoubleItYet.
· 4h ago
npm supply chain attack again, poly-stocks' 2300 forks are too outrageous, developers quickly check package.json
Frictionless
· 4h ago
SlowMist's monitoring was timely this time, but how did 2,300 identical forks escape npm review? The platform's responsibility should also be discussed.
PunkRiskMgr
· 4h ago
Rebuilding from a clean image is easier said than done; the actual migration cost is not low, and small teams especially need to lock dependencies in advance.
Half-UnderstoodZk
· 4h ago
Just finished auditing the project, and seeing this gave me a cold sweat. There might really be traces of leaks hidden in the CI logs.