Woofun AI reports that blockchain security firm SlowMist has flagged a new campaign in which fake trading bot repositories on GitHub steal private keys and sensitive credentials. The attack disguises malware as legitimate automation tools to target developers and traders who install the compromised npm packages. Once executed, the code exfiltrates browser cookies, saved passwords, mnemonic phrases, and API tokens from the victim's system.
The threat specifically exploits the trust users place in developer environments, making detection difficult even for experienced operators. SlowMist notes that the malware is designed to harvest a wide range of data, including SSH keys and developer account credentials, effectively granting attackers full access to multiple wallets. This method represents a sophisticated evolution of supply chain attacks within the cryptocurrency sector.
Per Woofun AI, the firm advises that any user who installed a suspicious package must assume their device is fully compromised. Immediate action requires reissuing all credentials, including wallet private keys and npm tokens, followed by a complete rebuild of the development environment in an isolated setting. Failure to act leaves users vulnerable to continued data exfiltration and unauthorized asset transfers.
This incident underscores the critical need for stricter verification of repository authenticity and the adoption of hardware wallets. As attackers refine their methods to mimic legitimate tools, the crypto community faces an escalating risk from disguised software packages. Vigilance remains the primary defense against these increasingly complex supply chain threats.
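As an added example (not from SlowMist or the original report) of the repository verification recommended above: before installing a cloned project's dependencies, review its `package-lock.json` for packages that run install scripts or are fetched from outside the public npm registry. The report does not say how the malicious packages execute, so these two review points are assumptions, and every package name in the sample is constructed.

```javascript
// Added example: pre-install review of a parsed package-lock.json
// (lockfileVersion 2 or 3, which carry a top-level "packages" map).
const REGISTRY_PREFIX = "https://registry.npmjs.org/"; // assumption: default public registry
const NM = "node_modules/";

function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // "" is the root project itself
    const idx = path.lastIndexOf(NM);
    const name = idx >= 0 ? path.slice(idx + NM.length) : path;
    const reasons = [];
    // npm records this flag when a package declares install-time lifecycle scripts.
    if (meta.hasInstallScript) reasons.push("runs install script");
    if (meta.resolved) {
      // Git URLs and arbitrary tarballs bypass the registry's publish history.
      if (!meta.resolved.startsWith(REGISTRY_PREFIX)) reasons.push("resolved outside registry");
      // Without an integrity hash npm cannot verify the fetched content.
      if (!meta.integrity) reasons.push("no integrity hash");
    }
    if (reasons.length > 0) findings.push({ name, version: meta.version, reasons });
  }
  return findings;
}

// Constructed sample lockfile; names, versions and hashes are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-trading-bot", version: "1.0.0" },
    "node_modules/example-utils": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/example-utils/-/example-utils-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/example-helper": {
      version: "0.0.1",
      resolved: "git+ssh://git@github.com/example-user/example-helper.git#0000000",
      hasInstallScript: true,
    },
    "node_modules/@example/native": {
      version: "2.0.0",
      resolved: "https://registry.npmjs.org/@example/native/-/native-2.0.0.tgz",
      integrity: "sha512-CONSTRUCTED",
      hasInstallScript: true,
    },
  },
};

for (const f of auditLockfile(sampleLock)) {
  console.log(`${f.name}@${f.version}: ${f.reasons.join(", ")}`);
}
```

To review a real project, pass the function the `JSON.parse` result of its lockfile. `npm ci --ignore-scripts` installs dependencies without running the flagged scripts while they are being reviewed.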