Home
News
Details

SlowMist Detects Cross-Platform Supply Chain Attack Targeting Crypto Developers

iconKuCoinFlash
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
SOL
$85.470.21%
This is the logo of the coin.
SUI
$1.04671.46%
AI summary iconSummary

expand icon
On-chain news: SlowMist’s MistEye uncovered a cross-platform supply chain attack targeting crypto and AI + crypto news communities. Attackers distributed 34 malicious packages across npm, PyPI, and Crates.io, affecting over 384 versions. The payloads are designed to steal encryption wallets, SSH keys, cloud credentials, and more. Persistence mechanisms include cron, systemd, and Git hooks. SlowMist recommends removing affected packages, isolating compromised systems, and rotating credentials. Developers should review activity on GitHub, cloud platforms, and wallet accounts.

Odaily Planet Daily reports, according to SlowMist monitoring, MistEye detected a cross-registry supply chain attack targeting developers, in which attackers deployed malicious packages via npm, PyPI, and Crates.io. The attack involved over 34 malicious packages and more than 384 associated versions, targeting communities including cryptocurrency, DeFi, Solana, Sui/Move, and AI developers.

Potential attacker behaviors include stealing cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developer keys. Some payloads also attempt to achieve persistence via cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH.

SlowMist recommends immediately removing the affected packages, isolating compromised systems, preserving logs, rotating exposed credentials, rebuilding CI runners and developer machines from clean images, and reviewing activity on GitHub, cloud services, SSH, and wallets.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.