Malicious code in farming-tools-12 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, same aicrypto-xzggg publisher and "Core utilities for blockchain development" description as swap-sdk-87/defi-tools-39. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env +...

Fake BlueWallet steals passwords, accounts, and crypto from Macs

A fake website impersonating BlueWallet a real Bitcoin wallet is targeting Mac users with a simple but effective attack. BlueWallet itself has not been compromised. Instead, cybercriminals have stolen the name and branding of the legitimate Bitcoin wallet to make a malicious download appear...

Malicious code in rich-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cc191d72f2f92d966897d0f635b53afecd9a62e8b63de13fff125a00377fcb63 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...

British Hacker Tyler Buchanan Pleads Guilty to $8M Hacking Scheme in US

Tyler Robert Buchanan, a 24-year-old British hacker linked to Scattered Spider, admits to a multi-year US hacking scheme involving at least $8M in crypto theft...

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea DPRK that began in the fall of 2025. The Solana-based...

South Korean Police Accidentally Post Cryptocurrency Wallet Password

An expensive mistake: Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea's National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet. The funds were stored in a Ledger cold wallet seized in law enforcement raids at...

Malicious Package

Overview tailwind-mainanimation is a malicious package. Upon installation, it silently injects obfuscated JavaScript into the end of legitimate project configuration files like tailwind.config.js. To evade detection, the malware rewrites git history, forging timestamps so the malicious commit...

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the state-sponsored...

`uniswap-utils` was removed from crates.io for malicious code

It depended on the evm-units crate, which appeared to be attempting to steal cryptocurrency...

GHSA-X468-PHR8-H3P3 `uniswap-utils` was removed from crates.io for malicious code

It depended on the evm-units crate, which appeared to be attempting to steal cryptocurrency...

GHSA-6662-54XR-8423 `evm-units` was removed from crates.io for malicious code

It appeared to be attempting to steal cryptocurrency...

Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act

Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. In a post shared on X last week, the 38-year-old announced his release, crediting U.S...

RUSTSEC-2025-0145 `uniswap-utils` was removed from crates.io for malicious code

It depended on the evm-units crate, which appeared to be attempting to steal cryptocurrency...

`uniswap-utils` was removed from crates.io for malicious code

It depended on the evm-units crate, which appeared to be attempting to steal cryptocurrency...

`evm-units` was removed from crates.io for malicious code

It appeared to be attempting to steal cryptocurrency...

Malicious Package

Overview session-validate is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...

Malicious Package

Overview js-coauth is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

Malicious Package

Overview grid-settings-align is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...

Malicious Package

Overview tailwindcss-setmotion is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...

Malicious Package

Overview lintcolor is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...