Supply chain attacks affect PyPI/npm/crates.io, with over 34 malicious packages targeting cryptocurrency and AI developers
By: rootdata|2026/05/26 04:45:01
0
Share
According to Slow Fog's disclosure, the security agency MistEye detected a cross-registry supply chain attack incident, where attackers targeted developers in the fields of cryptocurrency, DeFi, Solana, Sui/Move, and AI by publishing malicious packages on npm, PyPI, and crates.io. This attack activity includes more than 34 malicious packages and over 384 related versions. The attackers may steal cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developers' confidential information.
Some of the malicious payloads also attempted to achieve persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH. Developers are advised to immediately remove the affected packages, isolate the affected systems, retain logs, rotate exposed credentials, rebuild CI environments and developer machines from clean images, and review GitHub, cloud services, SSH, and wallet activity logs.
You may also like
Tokenized US stocks are not the "liquidity killer" of the crypto market
"As garbage coins are gradually eliminated, the protocols, infrastructure, and financial products that can truly create value have the opportunity to obtain a more reasonable valuation."
Why do I still have confidence in ETH?
As stablecoins and RWAs accelerate on-chain, Ethereum's role as a global value settlement layer has only just begun, and the market will eventually reprice ETH.
CRCL surges and plummets, COIN follows with a dive: The real battle for interests behind the CLARITY Act
The leak of the CLARITY bill draft has triggered a plunge in Circle and Coinbase, directly hitting the core provision of the stablecoin "ban on interest," revealing the deep political and economic game in Washington's strict prevention of stablecoins evolving into on-chain savings accounts and the c...
What Is TradFi and Why Is Everyone Talking About It in 2026?
Gold is rallying, SpaceX is heading for a historic IPO, and oil remains highly volatile. Discover why TradFi is back in focus and how crypto traders can access these opportunities with USDT. Put another way, TradFi Is Having Its Biggest Moment Ever, and Crypto Traders Are Perfectly Positioned
From Poland to Paris: A Look Back at WEEX's Global Community Journey in May 2026
Follow WEEX's global journey across Poland, Barcelona, Dubai, Milan and Paris. Explore Bitcoin Pizza Day, LALIGA VIP experiences, Web3 networking events, trading education and more from an action-packed May.
WEEX WXT Eco Carnival: How to Join WXT Events and Plan Trading Tasks
The WEEX WXT Eco Carnival is an ecosystem campaign built around WEEX Token (WXT), designed for users interested in platform tokens, spot trading, futures trading, deposit tasks, and referral rewards.
WSJ: Hyperliquid is becoming Wall Street's crypto "convenience store"
Hyperliquid has become a 24/7 trading venue, with more and more traditional and cryptocurrency traders flocking to the platform to bet on almost all assets.
Morning Report | Robinhood completes acquisition of WonderFi for $180 million; Anthropic submits IPO draft application to SEC confidentially; Google plans to raise $80 billion in financing
Overview of Important Market Events on June 2nd
Morning Report | Strategy sold 32 BTC and over 800,000 shares of MSTR last week; Binance officially announced its U.S. stock trading portal; Polymarket reached an exclusive partnership with OneFootball
Overview of Important Market Events on June 1st
Zhou Hang: How much is SpaceX really worth?
Great companies do not equal good stocks: A deep analysis of why SpaceX's $1.75 trillion IPO valuation may contain a $1.25 trillion bubble, and retail investors should avoid blindly chasing "story premiums."
IOSG: From Coinbase to Upbit: How a Token Completes a 28-Day Journey of Taking Over
The IOSG report indicates that by 2026, the listing of tokens on first-tier exchanges has formed a highly structured path where Coinbase and ByBit are responsible for initial discovery, Binance quickly verifies and confirms, and Korean exchanges provide liquidity at the end.
Exclusive Interview with Alpaca CEO: What is the background of the US stock underlying service provider behind Binance and Bitget?
Binance and Bitget's underlying service provider in the US stock market, Alpaca, has entered the unicorn club with its "AWS of Finance" model, currently holding 94% of the tokenized US stock market share and is accelerating the transformation of global on-chain financial infrastructure.
Variant: Three types of L1 assets are highly likely to become the main means of value storage
The basic judgment factors include: technical durability, resistance to censorship, scarcity, economic productivity, etc.
Does the performance on Perp DEX become an "invisible threshold" and "amplifier" for new coins to go live on CEX?
The liquidity migration of the new currency in 2026 from the perspective of open interest (OI) and asset labels.
a16z Crypto's latest article: Why do we need to predict the market?
It turns people's judgments about the future into tradable probabilities. It has advantages in both predictive accuracy and coverage that traditional polls find hard to match, but whether it can realize its potential depends on whether it can solve the design challenges of transparency, insider info...
Strategy cashes out 2.5 million USD, but Bitcoin's market value dropped by 80 billion USD in one day
The market's reliance on this narrative of hoarding coins is more fragile than many people imagine.
Collective Change of Ownership for Crypto Exchanges? The Positioning Competition Among South Korean Financial Giants
Securities firms and banks work together to reposition the landscape of cryptocurrency in South Korea.
WEEXPERIENCE Trading Bootcamp in Poland: How WEEX & FireCrew Are Making Crypto Trading Accessible to Everyone
WEEX partnered with Firecrew in Poland on May 29th for the WEEXPERIENCE trading bootcamp. Read the recap of expert sessions on technical analysis, trading psychology, and AI tools that prove WEEX’s mission to make crypto trading accessible to everyone.
Tokenized US stocks are not the "liquidity killer" of the crypto market
"As garbage coins are gradually eliminated, the protocols, infrastructure, and financial products that can truly create value have the opportunity to obtain a more reasonable valuation."
Why do I still have confidence in ETH?
As stablecoins and RWAs accelerate on-chain, Ethereum's role as a global value settlement layer has only just begun, and the market will eventually reprice ETH.
CRCL surges and plummets, COIN follows with a dive: The real battle for interests behind the CLARITY Act
The leak of the CLARITY bill draft has triggered a plunge in Circle and Coinbase, directly hitting the core provision of the stablecoin "ban on interest," revealing the deep political and economic game in Washington's strict prevention of stablecoins evolving into on-chain savings accounts and the c...
What Is TradFi and Why Is Everyone Talking About It in 2026?
Gold is rallying, SpaceX is heading for a historic IPO, and oil remains highly volatile. Discover why TradFi is back in focus and how crypto traders can access these opportunities with USDT. Put another way, TradFi Is Having Its Biggest Moment Ever, and Crypto Traders Are Perfectly Positioned
From Poland to Paris: A Look Back at WEEX's Global Community Journey in May 2026
Follow WEEX's global journey across Poland, Barcelona, Dubai, Milan and Paris. Explore Bitcoin Pizza Day, LALIGA VIP experiences, Web3 networking events, trading education and more from an action-packed May.
WEEX WXT Eco Carnival: How to Join WXT Events and Plan Trading Tasks
The WEEX WXT Eco Carnival is an ecosystem campaign built around WEEX Token (WXT), designed for users interested in platform tokens, spot trading, futures trading, deposit tasks, and referral rewards.
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
