Supply chain attacks affect PyPI/npm/crates.io, with over 34 malicious packages targeting cryptocurrency and AI developers
By: rootdata|2026/05/26 04:45:01
0
Share
According to Slow Fog's disclosure, the security agency MistEye detected a cross-registry supply chain attack incident, where attackers targeted developers in the fields of cryptocurrency, DeFi, Solana, Sui/Move, and AI by publishing malicious packages on npm, PyPI, and crates.io. This attack activity includes more than 34 malicious packages and over 384 related versions. The attackers may steal cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developers' confidential information.
Some of the malicious payloads also attempted to achieve persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH. Developers are advised to immediately remove the affected packages, isolate the affected systems, retain logs, rotate exposed credentials, rebuild CI environments and developer machines from clean images, and review GitHub, cloud services, SSH, and wallet activity logs.
You may also like
Three years later: Looking back at my judgment of ChatGPT in 2023
In fact, it's not that difficult to see the big picture; the hard part is admitting that we have repeatedly taken for granted the numbers, speed, and distribution.
From Casino Tools to Global Pricing Machines: The NYSE Leader's Perspective on Hyperliquid
"Why can they do it, but we can't?" This rhetorical question not only reveals the anxiety of traditional exchanges but also reflects the subtle and complex game between TradFi and DeFi after perpetual contracts have shifted from being gambling tools to global price discovery infrastructure.
A Detailed Analysis of "Stock God Serenity" Investment Methodology
In the major trend of AI and other areas, instead of buying the most eye-catching popular stocks, we should drill down along the industry chain to find the most irreplaceable bottlenecks in future architectural migrations, and place bets in advance while old financial reports, old valuations, and ol...
Sharplink CEO: The future of Ethereum is unfolding
The market is focused on the ETH price and foundation controversies, but overlooks the bigger picture: Ethereum is far ahead in stablecoin settlement, RWA, and DeFi, and has already met the conditions for institutional adoption.
Morning Report | Korea Investment & Securities and OKX plan to jointly acquire 40% of Coinone; Polymarket denies implementing KYC comprehensively; Grayscale delays U.S. stock IPO plans
Overview of Important Market Events on May 28
Bit Digital CEO: Why I Bought More ETH
Valuation re-evaluation will never come from retail investors' enthusiasm for narratives; for an asset with such a vast underlying infrastructure, that has always been a fragile foundation. The real catalyst is institutional demand, and institutional demand does not operate according to the timeline...
A Decade of Three Waves of Stock Tokenization from Bitget's Reality: An Unfinished Financial Exploration
Reality represents the latest step in this revolution. What the next step is, is not in Bitget's release materials, but in the next 12 to 24 months, on the first day Nasdaq goes live, on the day the SEC's new regulations take effect, and on the day Bitget can obtain a formal financial license in a m...
"Hu Run Baifu" Dialogue with Sun Yuchen: A New Paradigm of Value Circulation in the Web3 Transformation Cycle
In an exclusive interview with Hurun Report, Sun Yuchen succinctly summarized his long-term core goal: "To enable anyone in the world, regardless of their location or whether they have a bank account, to transfer and use their funds at low cost and high efficiency."
Is it hackers and regulation that ruined DeFi?
The future of DeFi will either move towards a stricter industry self-discipline and compliance framework, forced to compromise on the principles of decentralization; or it will gradually lose market confidence in the ongoing imbalance of offense and defense, leading to long-term marginalization.
Chris Lee: From crypto OG to heavy investments in the three storage giants, predictions on AI bull market corrections, Web4, and opportunities for the younger generation
The Web3 era has passed, following the flow of capital.
Ready for a Walk on the Wilder Side of Proof of Talk 2026? Join WEEX Labs in Paris
Two side events, one mission: to turn passive conference-going into active Web3 experience. From a live AI trading competition with Pudgy Penguins Europe to an exclusive VIP dinner at Le Cafe Marly—here's how WEEX Labs is bringing AI and crypto innovation to life during Proof of Talk 2026.
Gold vs Bitcoin in 2026: Which Market Is Giving Traders Better Opportunities?
Gold or Bitcoin? Discover which market is offering better trading opportunities in 2026, what drives each asset, and how traders can access both gold and Bitcoin from a single USDT account.
Morning News | Coinbase partners with Standard Chartered Bank to expand multi-currency fiat channels; Sharplink and Forward will be included in the Russell Index; JPMorgan may issue stablecoins in the future
Overview of Important Market Events on May 27
Hash Global Founder: Why I Also Chose to Liquidate All My ETH?
The regulatory clarity brought by the CLARITY Act can indeed fix the compliance discount of ETH, but this does not equate to granting it a currency premium similar to gold or BTC. The core positioning of ETH remains as on-chain financial infrastructure, and its long-term valuation should return to f...
Tokenized US Stock Duel: Ondo vs. xStocks, Who is Defining On-Chain Nasdaq?
Tokenization is redefining the issuance, holding, trading, and circulation of stocks.
He Yideng ranked: Since you're here, you might as well
He Yi from Binance was selected for Fortune's "Most Powerful Women in Business" list, expressed gratitude to the community, and announced Binance's new vision: to build financial infrastructure serving 3 billion people worldwide.
The era of regulatory arbitrage has come to an end, and the value of cryptocurrency exchange licenses is being fiercely contested
Understanding the true value of a license is the foundation for assessing the long-term sustainability of an exchange.
Six Major Complaints from an Ethereum Developer
Ethereum has not missed the market, it has missed itself.
Three years later: Looking back at my judgment of ChatGPT in 2023
In fact, it's not that difficult to see the big picture; the hard part is admitting that we have repeatedly taken for granted the numbers, speed, and distribution.
From Casino Tools to Global Pricing Machines: The NYSE Leader's Perspective on Hyperliquid
"Why can they do it, but we can't?" This rhetorical question not only reveals the anxiety of traditional exchanges but also reflects the subtle and complex game between TradFi and DeFi after perpetual contracts have shifted from being gambling tools to global price discovery infrastructure.
A Detailed Analysis of "Stock God Serenity" Investment Methodology
In the major trend of AI and other areas, instead of buying the most eye-catching popular stocks, we should drill down along the industry chain to find the most irreplaceable bottlenecks in future architectural migrations, and place bets in advance while old financial reports, old valuations, and ol...
Sharplink CEO: The future of Ethereum is unfolding
The market is focused on the ETH price and foundation controversies, but overlooks the bigger picture: Ethereum is far ahead in stablecoin settlement, RWA, and DeFi, and has already met the conditions for institutional adoption.
Morning Report | Korea Investment & Securities and OKX plan to jointly acquire 40% of Coinone; Polymarket denies implementing KYC comprehensively; Grayscale delays U.S. stock IPO plans
Overview of Important Market Events on May 28
Bit Digital CEO: Why I Bought More ETH
Valuation re-evaluation will never come from retail investors' enthusiasm for narratives; for an asset with such a vast underlying infrastructure, that has always been a fragile foundation. The real catalyst is institutional demand, and institutional demand does not operate according to the timeline...
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
