Supply chain attacks affect PyPI/npm/crates.io, with over 34 malicious packages targeting cryptocurrency and AI developers
By: rootdata|2026/05/26 04:45:01
0
Share
According to Slow Fog's disclosure, the security agency MistEye detected a cross-registry supply chain attack incident, where attackers targeted developers in the fields of cryptocurrency, DeFi, Solana, Sui/Move, and AI by publishing malicious packages on npm, PyPI, and crates.io. This attack activity includes more than 34 malicious packages and over 384 related versions. The attackers may steal cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developers' confidential information.
Some of the malicious payloads also attempted to achieve persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH. Developers are advised to immediately remove the affected packages, isolate the affected systems, retain logs, rotate exposed credentials, rebuild CI environments and developer machines from clean images, and review GitHub, cloud services, SSH, and wallet activity logs.
You may also like
The truth about global payments has been revealed by Airwallex
For the global payment industry, shortcuts can help you run faster, but only by turning the most difficult parts into your own capabilities can you go further.
Six Major Complaints from an Ethereum Developer
Ethereum has not missed the market, it has missed itself.
The era of regulatory arbitrage has come to an end, and the value of cryptocurrency exchange licenses is being fiercely contested
Understanding the true value of a license is the foundation for assessing the long-term sustainability of an exchange.
He Yideng ranked: Since you're here, you might as well
He Yi from Binance was selected for Fortune's "Most Powerful Women in Business" list, expressed gratitude to the community, and announced Binance's new vision: to build financial infrastructure serving 3 billion people worldwide.
Bitcoin Price Prediction 2030: Will BTC Really Hit $1 Million?
See what Ark Invest, Standard Chartered, and CoinCodex forecast for bitcoin price prediction 2030, plus the key risks and how to position. Full WEEX analysis.
Best Moomoo Alternatives in 2026: Trade Stocks, Gold & Forex With USDT
Looking for the best moomoo alternatives in 2026? Compare IBKR, Webull, Tiger Brokers, and crypto-native TradFi platforms like WEEX. Learn how traders are using USDT to trade stocks, gold, forex, and global markets without relying on traditional brokerage accounts.
Tokenized US Stock Duel: Ondo vs. xStocks, Who is Defining On-Chain Nasdaq?
Tokenization is redefining the issuance, holding, trading, and circulation of stocks.
WEEX GOGOGO EP3|LALIGA Road to Gold – 6 Explosive Moments, 1 World Cup Ticket, and a Night Nobody Will Forget
WEEX went live on May 24 with LALIGA, AI trading, 0-fee gold, and 100% APR. The chat exploded. The rewards flew. And one lucky fan walked away with a World Cup ticket. Here's what happened.
Ten Thousand Characters Breakdown of On-Chain Vaults: Eight Major Tracks, Who is Rising and Who is Declining?
On one side is the collective withdrawal of lending and collateral-type vaults, while on the other side is the counter-trend growth of RWA and curation vaults. On-chain vaults are no longer a single market, but rather eight increasingly differentiated tracks. This ten-thousand-word research report t...
Hash Global Founder: Why I Also Chose to Liquidate All My ETH?
The regulatory clarity brought by the CLARITY Act can indeed fix the compliance discount of ETH, but this does not equate to granting it a currency premium similar to gold or BTC. The core positioning of ETH remains as on-chain financial infrastructure, and its long-term valuation should return to f...
Morning News | Coinbase partners with Standard Chartered Bank to expand multi-currency fiat channels; Sharplink and Forward will be included in the Russell Index; JPMorgan may issue stablecoins in the future
Overview of Important Market Events on May 27
Morning News | Hyperliquid launches off-chain event prediction market contracts; Strategy completes $1.5 billion debt buyback; Kelp DAO announces rsETH has fully recovered
Overview of Important Market Events on May 26
Bankless Founder: Why I Sold All My ETH
We have come a long way, and Ethereum has already achieved its deserved maximum potential market value.
Senior Public Company Financial Audit: Taking Hashkey as an Example, Discussing Which Account to Include for Exchange Issued Platform Tokens?
In-depth analysis of Hashkey's IPO financial report: the platform token HSK is cleverly classified by the official as "contract liabilities" to smooth profits, and the expectation of up to 95% "dead coins" reveals a significant misalignment between the company's compliance logic and investors' specu...
How did Micron win a trillion-dollar market value while Samsung relies on technology cycles and Hynix relies on HBM?
Chip giant Micron Technology's total market value has surpassed $100 billion. It has navigated multiple rounds of industry reshuffling by controlling manufacturing costs and is currently facing a new cycle of competition in the high-end HBM segment, mid-to-low-end market competition, and adjustments...
Dialogue with AEON co-founder Leo: The real bottleneck of the Agentic Economy is not the model, but the settlement
Committed to becoming the "Stripe" of the AI payment era.
2 years, 225 times the return? Unveiling the mysterious researcher Serenity's AI "bottleneck" investment technique
Former WSB trader Serenity has achieved a staggering 225 times return on the X platform over two years, with their original "supply chain bottleneck" theory and several classic micro-cap reverse sniper case studies attracting strong market attention.
B.AI partners with BNB Chain to launch the "Billion AI Token Subsidy" celebration, fully igniting the on-chain intelligent agent ecosystem
B.AI partners with BNB Chain to launch a hundred billion points subsidy program, with an additional special incentive of 8,000 USDT in the total prize pool, helping Web3 players access top large models with zero barriers and experience a full-stack AI financial foundation.
The truth about global payments has been revealed by Airwallex
For the global payment industry, shortcuts can help you run faster, but only by turning the most difficult parts into your own capabilities can you go further.
Six Major Complaints from an Ethereum Developer
Ethereum has not missed the market, it has missed itself.
The era of regulatory arbitrage has come to an end, and the value of cryptocurrency exchange licenses is being fiercely contested
Understanding the true value of a license is the foundation for assessing the long-term sustainability of an exchange.
He Yideng ranked: Since you're here, you might as well
He Yi from Binance was selected for Fortune's "Most Powerful Women in Business" list, expressed gratitude to the community, and announced Binance's new vision: to build financial infrastructure serving 3 billion people worldwide.
Bitcoin Price Prediction 2030: Will BTC Really Hit $1 Million?
See what Ark Invest, Standard Chartered, and CoinCodex forecast for bitcoin price prediction 2030, plus the key risks and how to position. Full WEEX analysis.
Best Moomoo Alternatives in 2026: Trade Stocks, Gold & Forex With USDT
Looking for the best moomoo alternatives in 2026? Compare IBKR, Webull, Tiger Brokers, and crypto-native TradFi platforms like WEEX. Learn how traders are using USDT to trade stocks, gold, forex, and global markets without relying on traditional brokerage accounts.
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
