MistEye Detects Cross-Registry Supply Chain Attack Targeting Crypto and AI Developers

MistEye uncovered a cross-registry supply chain attack targeting crypto and AI developers. Over 34 malicious packages were published on npm, PyPI, and crates.io, comprising more than 384 versions. These packages steal sensitive data such as crypto wallets, SSH keys, and cloud credentials. Attackers use .git hooks, shell hooks, and SSH for persistence. Developers should remove affected packages, isolate compromised systems, and rotate credentials. This AI + crypto news underscores the importance of vigilance around on-chain threats. MistEye advises reviewing logs and rebuilding environments from trusted, secure images.

According to ME News, on May 25 (UTC+8), BlockBeats reported that the security firm MistEye discovered a cross-registry supply chain attack. Attackers published malicious packages on npm, PyPI, and crates.io, targeting developers in the cryptocurrency, decentralized finance (DeFi), Solana, Sui/Move, and AI sectors. This attack involved over 34 malicious packages and more than 384 associated versions. During this attack, the attackers may have stolen sensitive information such as cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, and environment variables. Some malicious payloads attempted to maintain persistence using various techniques, including .git hooks, shell hooks, and SSH. Developers are advised to immediately remove the affected packages, isolate compromised systems, retain log records, rotate compromised credentials, rebuild development and production environments from secure images, and review incident logs on relevant platforms. (Source: MLion)
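The persistence locations named above (.git hooks, shell hooks, SSH) can be triaged read-only before a rebuild. The script below is an added example, not from MistEye or the original report; the function names, the list of startup files and the look-back window are assumptions.

```shell
#!/bin/sh
# Added example (not from the report): read-only triage of the three
# persistence locations the report names. Paths and the look-back window
# are assumptions; adjust them to your environment.

# List active Git hooks under ROOT: executable files in a hooks directory
# that are not the *.sample templates Git ships. Also flag repositories whose
# config mentions core.hooksPath, which moves hooks outside .git/hooks.
audit_git_hooks() {
    root=$1
    find "$root" -type d -name hooks -path '*/.git/*' 2>/dev/null |
    while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f ! -name '*.sample' -perm -100 |
            sed 's/^/hook: /'
    done
    find "$root" -type f -name config -path '*/.git/*' 2>/dev/null |
    while IFS= read -r cfg; do
        if grep -qi 'hooksPath' "$cfg"; then
            echo "hooksPath: $cfg"
        fi
    done
    return 0
}

# List shell startup files and SSH files under HOME_DIR changed in the last
# DAYS days. A recent change is a prompt to read the file, not proof of
# compromise.
audit_recent_files() {
    home_dir=$1
    days=$2
    for f in .profile .bashrc .bash_profile .zshrc .zshenv .zprofile \
             .ssh/authorized_keys .ssh/config; do
        if [ -f "$home_dir/$f" ]; then
            find "$home_dir/$f" -mtime "-$days" | sed 's/^/recent: /'
        fi
    done
    return 0
}

# Usage: audit_git_hooks "$HOME/src"; audit_recent_files "$HOME" 30
```

Run it from a trusted shell and keep the output with the retained logs; every listed hook or recently changed file should be read and explained before the credentials it could reach are considered safe.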
