30 Malicious npm Packages Targeting Crypto Developer Keys and Mnemonics Detected
2026-07-01 16:58

Woofun AI reports that SlowMist detected a coordinated malicious npm supply chain attack involving 30 packages disguised as crypto trading bots. The operation used the donoaccestag/forex-mt5-trading-bot repository, which pinned stake-math@3.5.4 as a dependency and had approximately 2,300 homogenized forks, primarily under the poly-stocks account.

The injected JavaScript stealer targets sensitive data including encrypted wallet libraries, browser cookies, developer credentials, private keys, mnemonics, and API tokens. SlowMist advises developers to remove affected packages, audit package.json and CI logs, and rotate all exposed credentials while rebuilding environments from clean images.
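One way to run the package.json and lockfile audit described above, as an added example that is not SlowMist's tooling. It assumes standard npm manifest and package-lock.json layouts; only stake-math@3.5.4 is named on this page, so the flagged list must be extended from the full advisory, and the sample inputs are constructed.

```javascript
// Added example: flag known-bad packages in package.json / package-lock.json content.
// Only stake-math@3.5.4 is named on this page; extend FLAGGED from the full advisory.
const FLAGGED = new Map([['stake-math', ['3.5.4']]]);
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];
const isBad = (name, version) => (FLAGGED.get(name) || []).includes(version);

// package.json: report every declared range for a flagged name,
// because a range such as ^3.5.0 can still resolve to the bad version.
function auditManifest(manifest) {
  const hits = [];
  for (const field of DEP_FIELDS) {
    for (const [name, range] of Object.entries(manifest[field] || {})) {
      if (FLAGGED.has(name)) hits.push({ source: `package.json:${field}`, name, version: range });
    }
  }
  return hits;
}

// package-lock.json: report exact resolved versions, including transitive installs.
function auditLockfile(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || path.split('node_modules/').pop();
    if (isBad(name, meta.version)) hits.push({ source: path, name, version: meta.version });
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}>${name}`;
      if (isBad(name, meta.version)) hits.push({ source: here, name, version: meta.version });
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, 'root');
  return hits;
}

// Constructed sample input (not taken from the real repository).
const sampleManifest = { name: 'demo-bot', dependencies: { 'stake-math': '3.5.4', axios: '^1.6.0' } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-bot' },
    'node_modules/axios': { version: '1.6.0' },
    'node_modules/some-lib/node_modules/stake-math': { version: '3.5.4' },
  },
};
console.log(auditManifest(sampleManifest), auditLockfile(sampleLock));
```

A hit in either file means the environment should be treated as exposed: rotate credentials and rebuild from a clean image rather than only uninstalling the package.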

Disclaimer: Views are the author's own and do not represent the platform. Do not reproduce without permission. Content is for reference only, not investment advice. Trade at your own risk.
Tags: SlowMist, npm, stake-math, donoaccestag/forex-mt5-trading-bot, poly-stocks