Supply chain attacks affect PyPI/npm/crates.io, with over 34 malicious packages targeting cryptocurrency and AI developers
By: rootdata|2026/05/25 16:42:54
0
Share
According to Slow Fog's disclosure, the security agency MistEye detected a cross-registry supply chain attack incident, where attackers targeted developers in the fields of cryptocurrency, DeFi, Solana, Sui/Move, and AI by publishing malicious packages on npm, PyPI, and crates.io. This attack activity includes more than 34 malicious packages and over 384 related versions. The attackers may steal cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developers' confidential information.
Some of the malicious payloads also attempted to achieve persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH. Developers are advised to immediately remove the affected packages, isolate the affected systems, retain logs, rotate exposed credentials, rebuild CI environments and developer machines from clean images, and review GitHub, cloud services, SSH, and wallet activity logs.
You may also like
New Types of Information Laundering in Prediction Markets: How Secrets Integrate into Investment Signals
The harsh reality is that information laundering is not a man-made loophole in the prediction market, but rather a side effect of its core operating mechanism.
The richest chairman of the Federal Reserve in 112 years has arrived: Kevin Warsh is rewriting the rules
The "richest" new chairman of the Federal Reserve, Kevin Warsh, has officially taken office. His alternative proposal of "balance sheet reduction + interest rate cuts" aims not only to reshape the decision-making mechanism but also to profoundly disrupt the U.S. Treasury, the dollar, and the global ...
Vitalik talks about the future of the Ethereum Foundation: a smaller, more distinctive, yet more enduring ship
Vitalik elaborated on his personal views regarding the transformation direction of the Ethereum Foundation: EF is not "the center of Ethereum," but one of many nodes. With limited resources, EF chooses long-termism over spreading itself thin, focusing on key tasks that "would not happen without EF"—...
Agentic Design Patterns: A book that made me rethink "What exactly is an Agent?"
Google Engineering Director's new book deeply analyzes: 21 design patterns of AI Agents. This article reveals the core progression from "bare LLM" to advanced intelligent agents, detailing Context Engineering, the dual Agent reflection mechanism (Producer-Critic), and the three-layer memory model, w...
Key Takeaways: Full Text of Google Chief Scientist Shanahan's Speech
Google DeepMind Chief Scientist Shanahan's London Speech: Deconstructing the mental attributes of large language models (LLM) using the framework of Wittgenstein, analyzing the trend of "alien self-identity" under the context of all-weather agents.
SuperEx's Mars exploration dream: Digital currency is the key to unlocking economic exchanges in the interstellar era
SuperEx has always called for exchanges to focus not on internal strife and competition, but on jointly promoting the development of digital currencies, becoming a driving force for the future interstellar era.
Morning News | Michael Saylor stated that this week he bought bonds instead of Bitcoin; StablR was attacked and lost about 2.8 million dollars; the U.S. Congress is pushing the Bitcoin Reserve Act again
Overview of Important Market Events on May 24
a16z: 7 Images to Understand How Tokenization Changes the Nature of Assets
It's far more than just moving traditional assets onto the blockchain.
The secret to Hyperliquid's success dismantled from the five-layer financial stack
Hyperliquid is not a DEX that continuously adds features, but rather a financial operating system built in a strict sequence.
After Futu Securities was banned, will buying stocks on-chain be the new remedy?
If it moves steadily, it may be an important stop for financial assets on the blockchain; if treated as a detour tool, it will become the next risk site.
Why Crypto Traders Are Watching Gold and Nasdaq Again in 2026
Bitcoin is ranging while gold and Nasdaq volatility surge in 2026. Discover why crypto traders are using USDT to trade gold, silver, and global indices without a traditional brokerage account.
Why have foreign exchange stablecoins never taken off?
Rather than issuing a local currency stablecoin from scratch, it is better to build a layer of foreign currency pricing on top of a USD stablecoin, allowing users to enjoy the liquidity of the dollar while keeping accounts in local currency.
AIDC, computing power leasing, and cloud: The "three-part thesis" of AI transformation in cryptocurrency mining farms
The "AI transformation" of cryptocurrency mining farms is not just a slogan; it is unfolding in three recognizable stages.
Futu has had all its illegal gains confiscated, reminding cryptocurrency exchanges
Even if foreign financial institutions obtain licenses abroad, as long as you are effectively providing financial services to residents in mainland China, Chinese regulatory authorities may evaluate your actions according to Chinese law.
Football, Web3 & Champions' Energy: A Recap of WEEX's LALIGA VIP Meetup in Barcelona
Relive WEEX's exclusive LALIGA VIP Meetup in Barcelona with football legend Fernando Morientes. From a fireside chat and on-site WEEX x LALIGA signing to partner awards and a live LALIGA match broadcast, discover how WEEX connected football culture, Web3, and community.
Pizza, Poker & AI Trading: A Recap of WEEX Crypto Pizza Day in Dubai
Relive WEEX Crypto Pizza Day in Dubai, where the MENA crypto community gathered at WEEX Dubai Studio to celebrate Bitcoin Pizza Day with pizza, poker, networking, and a live AI trading competition. Discover how WEEX turned a historic crypto milestone into a hands-on AI trading experience.
Morning Report | SpaceX reveals it holds approximately $1.45 billion in Bitcoin; Nvidia's Q1 financial report shows revenue of $81.6 billion; Manus plans to raise $1 billion for buyback business
Overview of Important Market Events on May 21
IOSG Founder: Please tell Vitalik the truth, let the OGs who have enjoyed the industry's dividends enlighten the young people
The wage earners freeze to death on the road, the sellers of goods die of thirst on the way. The weavers of brocade wear coarse cloth, and the grain growers do not have enough to eat.
New Types of Information Laundering in Prediction Markets: How Secrets Integrate into Investment Signals
The harsh reality is that information laundering is not a man-made loophole in the prediction market, but rather a side effect of its core operating mechanism.
The richest chairman of the Federal Reserve in 112 years has arrived: Kevin Warsh is rewriting the rules
The "richest" new chairman of the Federal Reserve, Kevin Warsh, has officially taken office. His alternative proposal of "balance sheet reduction + interest rate cuts" aims not only to reshape the decision-making mechanism but also to profoundly disrupt the U.S. Treasury, the dollar, and the global ...
Vitalik talks about the future of the Ethereum Foundation: a smaller, more distinctive, yet more enduring ship
Vitalik elaborated on his personal views regarding the transformation direction of the Ethereum Foundation: EF is not "the center of Ethereum," but one of many nodes. With limited resources, EF chooses long-termism over spreading itself thin, focusing on key tasks that "would not happen without EF"—...
Agentic Design Patterns: A book that made me rethink "What exactly is an Agent?"
Google Engineering Director's new book deeply analyzes: 21 design patterns of AI Agents. This article reveals the core progression from "bare LLM" to advanced intelligent agents, detailing Context Engineering, the dual Agent reflection mechanism (Producer-Critic), and the three-layer memory model, w...
Key Takeaways: Full Text of Google Chief Scientist Shanahan's Speech
Google DeepMind Chief Scientist Shanahan's London Speech: Deconstructing the mental attributes of large language models (LLM) using the framework of Wittgenstein, analyzing the trend of "alien self-identity" under the context of all-weather agents.
SuperEx's Mars exploration dream: Digital currency is the key to unlocking economic exchanges in the interstellar era
SuperEx has always called for exchanges to focus not on internal strife and competition, but on jointly promoting the development of digital currencies, becoming a driving force for the future interstellar era.
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
