The post Node-ipc supply chain attack targets crypto devs appeared on BitcoinEthereumNews.com.
Three poisoned versions of node-ipc went live on the npm registry on May 14, according to SlowMist. Attackers hijacked a dormant maintainer account and pushed code designed to siphon developer credentials, private keys, exchange API secrets, the works, straight out of .env files. node-ipc is a popular Node.js package that lets different programs talk to each other on the same machine, or sometimes across a network.

SlowMist catches the breach

Blockchain security firm SlowMist spotted the breach through its MistEye threat intel system.

Versions 9.1.6, 9.2.3, and 12.0.1

MistEye found three malicious versions:

Version 9.1.6
Version 9.2.3
Version 12.0.1

All of the above versions carried the same obfuscated 80 KB payload. Node-ipc handles inter-process communication in Node.js. It basically helps Node.js programs send messages back and forth. Over 822,000 people download it each we
Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers’ GitHub tokens, AWS keys, and CI/CD secrets in a coordinated supply chain attack. The malicious publishes started just before 2 a.m. UTC on May 19. By the time most developers on the East Coast had their first coffee, the damage was already done. Socket’s Threat […]
The post npm Supply Chain Attack Hits @antv: Blockchain Dev Secrets Now Exposed appeared first on Live Bitcoin News.
Cross-chain bridges, infrastructure that allows assets to move between separate blockchain networks, have now lost $328.6 million to attackers across eight separate incidents in May 2026.

Crypto’s Worst Year for Cross-Chain Hacks

Blockchain security and data analytics firm Peckshield released a mid-May tally of eight bridge-related exploits that collectively drained $328.6 million from cross-chain protocols […]
Thorchain suffered an estimated $10 to $11 million exploit on Friday, after attackers used vault churn address poisoning to redirect funds during a routine migration process across multiple blockchains.

Thorchain Funds Compromised

Onchain investigator ZachXBT first flagged the incident via his Telegram channel, placing initial losses above $7.4 million before revised estimates pushed the total […]
The post 822K Downloads at Risk: Malicious node-ipc Versions Spotted Stealing AWS and Private Keys appeared on BitcoinEthereumNews.com.
Key Takeaways

SlowMist flagged three malicious node-ipc versions on May 14, targeting over 822,000 weekly npm downloads.
The 80 KB payload steals 90+ credential categories, including AWS keys and .env files, via DNS tunneling.
Developers must immediately pin to clean node-ipc versions and rotate all potentially exposed secrets.

Developer Secrets at Stake

Blockchain security firm SlowMist flagged the attack via its MistEye threat intelligence system, identifying three rogue releases: versions 9.1.6, 9.2.3, and 12.0.1. The node-ipc package, used to enable inter-process communication (IPC) in Node.js environments, is embedded across decentralized application (dApp) build pipelines, CI/CD systems, and developer tooling throughout the crypto ecosystem. The package averages ov
Three malicious versions of node-ipc, a foundational Node.js library used across Web3 build pipelines, were confirmed compromised on May 14, with security firm SlowMist warning that crypto developers relying on the package face an immediate risk of credential theft.

Developer Secrets at Stake

Blockchain security firm SlowMist flagged the attack via its MistEye threat intelligence system, identifying […]
The post OpenAI says no user data exposed after TanStack npm supply chain attack hit employee devices appeared on BitcoinEthereumNews.com.
OpenAI has admitted that two employee devices were compromised through malicious versions of TanStack npm packages. The company insists it found no evidence that user data, production systems, or intellectual property were tampered with.

Was OpenAI hacked?

OpenAI has confirmed that malicious actors breached two of its employee devices as part of a massive software supply chain campaign called “Mini Shai-Hulud.” OpenAI had previously deployed controls to limit supply chain attack exposure after an incident with Axios, but the two affected employee devices had not yet received the updated configurations that would have blocked the malicious package download. The attack targeted TanStack, an open-source library used by millions of developers. The attackers published 84 malicious versions across 42 npm packages, including the popular @tanstack/re
The post TanStack, Mistral AI, UiPath targeted in major supply chain attack compromising 170+ packages appeared on BitcoinEthereumNews.com.
A coordinated software supply chain attack compromised over 170 packages across the npm and PyPI registries on May 11, hitting some of the most widely used developer tools in the ecosystem. TanStack, Mistral AI, UiPath, and Guardrails AI were among the primary victims. The attack, dubbed “Mini Shai-Hulud,” was carried out by a group calling itself TeamPCP. Between 373 and 404 malicious package versions were published in a roughly five-hour window, each designed to look indistinguishable from legitimate releases.

How the attack worked

The attackers exploited vulnerabilities in GitHub Actions workflows, specifically targeting a misconfigured pull_request_target workflow combined with cache poisoning techniques. They also abused OpenID Connect (OIDC) tokens, which are used to authenticate automated publishing pipelines between GitHub and package regis