Home
News
Details

SlowMist Warns Developers About Malicious Web3 and AI Packages

iconBlockchainreporter
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
SOL
$66.286.64%
AI summary iconSummary

expand icon
Blockchain security firm SlowMist has uncovered a cross-chain supply chain attack targeting developers via malicious packages on npm, PyPI, and crates.io. The campaign includes over 34 packages and 384 versions, impacting Solana, Sui, DeFi, and AI developers. These packages can steal wallet data, SSH keys, and cloud credentials. SlowMist recommends removing affected packages, isolating systems, and rotating credentials to reduce exposure.
aii

SlowMist, a famous international blockchain security and threat intelligence firm, is carefully shifting its attention toward cybersecurity, threat intelligence, and auditing for crypto and Web3 projects. The whole team is consistently tracking hacks, phishing campaigns, stolen funds, and software vulnerabilities across the crypto ecosystem.

The basic purpose is to warn developers about malicious software packages that steal wallets, credentials, and sensitive data. SlowMist has its own unique system, called MistEye, which has successfully detected a cross-registry supply chain attack targeting developers. The core purpose of this system is to protect users from every possible side. SlowMist has announced this on its official X account.

SlowMist Warns Solana, Sui, and AI Developers About Malicious Software Packages

The attack reportedly involves 34+ malicious packages and 384+ versions published across major developer package registries such as npm, PyPI, and crates.io. The campaign particularly targets developers working in crypto, Decentralized Finance (DeFi), Solana development, Sui/move ecosystem, and Artificial Intelligence (AI) development. As the world is growing, the chances of scams and hacks are also increasing.

The attackers are also using advanced technologies to hack into various accounts and access other important and sensitive information. SlowMist warns these malicious packages may attempt to steal crypto wallet data, SSH keys, cloud credentials, GitHub and AWS tokens, browser data, environment variables, and developer secrets or private keys.

SlowMist Pushes for Immediate Protection of Wallets and Developer Systems amid Security Threat

The SlowMist advises developers to remove affected packages immediately, isolate impacted systems, preserve logs for investigation, rotate all exposed credentials and API keys, rebuild developer machines or CI runners from clean images, and review wallet, GitHub, SSH, and cloud account activity for suspicious behavior. The only purpose of this campaign is to protect users from any attack, which in return secure the platform’s place in the market.

Security, scalability, and transparency are the primary focus of users’ concern, and they are really in need of protecting their assets at any cost. This development is a strategic step toward the uplifting of users in terms of securing digital assets along with a proper, systematic, functional, and active system. This is the groundbreaking growth for users around the world. SlowMist ensures the security of at first priority and always remains vigilant for users’ help at any cost and never leaves users alone.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.