BlockBeats News, May 25th, according to Slowmist, the security firm MistEye detected a cross-registry supply chain attack, where the attacker published malicious packages to npm, PyPI, and crates.io targeting developers in the cryptocurrency, DeFi, Solana, Sui/Move, and AI fields. The attack involved 34+ malicious packages and over 384 related versions.

The attacker could potentially steal cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developer sensitive information. Some malicious payloads also attempted persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH.

Developers are advised to immediately remove the affected packages, isolate affected systems, retain logs, rotate exposed credentials, rebuild CI/CD environments and developer machines from clean images, and review GitHub, cloud service, SSH, and wallet activity logs.