A North Korean hacking group implanted malicious code generated by Claude into the cryptocurrency trading tool openpaw-graveyard.
CoinFeed reported on May 1st that, according to Cryptopolitan, security research firm ReversingLabs discovered that a malicious npm package named PromptMink, submitted using code generated by Anthropic's Claude Opus AI model, was implanted into the open-source crypto trading project openpaw-graveyard, resulting in the theft of users' crypto wallet credentials and system keys. The attack originated from the North Korean state-sponsored hacking group Famous Chollima, which has been distributing malicious npm packages since September 2025 using a two-layer strategy: the first layer is a "bait" package containing no malicious code, and the second layer carries the actual malicious payload. When a second-layer package is removed, the attackers release a replacement version on the same day.