Security Alert: 30 malicious npm packages disguised as trading bot repositories, targeting the theft of developer keys and mnemonic phrases

By: rootdata|2026/07/01 20:45:00

SlowMist issued a security alert, detecting a coordinated malicious npm supply chain attack. The attackers utilized fake trading bot repositories and DeFi-themed npm packages to deploy JavaScript information stealers, targeting npm users, DeFi developers, and trading bot users.

This attack involved 30 malicious npm packages, among which stake-math@3.5.4 appeared as a locked dependency in the donoaccestag/forex-mt5-trading-bot repository. This repository presented approximately 2300 highly homogeneous bulk-generated forks, mostly concentrated under the poly-stocks account, with signals being exceptionally clear. The sensitive data that attackers could steal is extensive, including cryptocurrency wallet libraries, browser cookies and saved passwords, browsing history, developer credentials, shell history, password manager libraries, private keys, mnemonic phrases, and API tokens exposed in source code.

SlowMist recommends that developers immediately remove the affected npm packages, audit package.json and package-lock.json, and check CI logs for any of the 30 malicious packages; consider any system that has executed npm install as potentially compromised, rotate all exposed wallets, private keys, npm tokens, cloud credentials, SSH keys, and API tokens, and rebuild the affected environment from a clean image.

-- Price

--

Disclaimer: This content is provided for general branding and informational purposes only and doesn't constitute financial, investment, legal, or tax advice. Any events, rewards, online events, or related information mentioned herein should not be considered a recommendation, solicitation, or invitation to purchase, sell, trade, or otherwise deal in any crypto assets or to use any services. Crypto assets are highly volatile and may result in loss. WEEX services and online events may not be available in all regions and are subject to applicable laws, regulations, and eligibility requirements. You are responsible for ensuring that your use of WEEX services complies with local laws and for carefully assessing the risks before participating in any crypto-related activities.

You may also like

Contents

Latest articles

More

Latest coin listings on WEEX

iconiconiconiconiconiconicon
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com