- SOL0%
- SUI0%
BlockBeats News, May 25th, according to Slowmist, the security firm MistEye detected a cross-registry supply chain attack, where the attacker published malicious packages to npm, PyPI, and crates.io targeting developers in the cryptocurrency, DeFi, Solana, Sui/Move, and AI fields. The attack involved 34+ malicious packages and over 384 related versions.
The attacker could potentially steal cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developer sensitive information. Some malicious payloads also attempted persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH.
Developers are advised to immediately remove the affected packages, isolate affected systems, retain logs, rotate exposed credentials, rebuild CI/CD environments and developer machines from clean images, and review GitHub, cloud service, SSH, and wallet activity logs.
Disclaimer: The current content is sourced from third-party perspectives or directly translated by AI from third-party perspectives. CoinEx does not guarantee the authenticity, accuracy, and originality of the content, and it does not constitute any investment advice from CoinEx. The prices of cryptocurrencies are highly volatile, please be aware of the potential risks.
- CoinsPrice24H Change