Slow Mist Detects 30 Malicious npm Packages Targeting DeFi Developers and Supply Chain
2026-07-01 16:55

Woofun AI reports that MistEye has identified a coordinated malicious campaign within the npm supply chain targeting DeFi developers and trading bot users. The attack utilized 30 malicious packages, including stake-math@3.5.4, to deploy JavaScript-based data theft tools capable of exfiltrating private keys, seed phrases, and API tokens. Developers are advised to remove affected packages, audit dependencies, and rotate all compromised credentials immediately.

Disclaimer: Views are the author's own and do not represent the platform. Do not reproduce without permission. Content is for reference only, not investment advice. Trade at your own risk.
Tags:
MistEye
npm
Foresight News
Share:
back