CoinFeed
SlowMist: npm ecosystem hit by 30 malicious package attacks, developer credentials and private keys at risk of theft - CoinFeed
Time 09:01

SlowMist: npm ecosystem hit by 30 malicious package attacks, developer credentials and private keys at risk of theft

July 1, 2026
CoinFeed News

CoinFeed July 1 news, according to SlowMist security alert, its monitoring system discovered a coordinated malicious supply chain attack targeting the npm ecosystem. Attackers planted JavaScript information stealers by forging trading bot repositories and DeFi-themed npm packages, involving 30 malicious npm packages, among which stake-math@3.5.4 appeared as a lock dependency in the donoaccestag/forex-mt5-trading-bot repository. The repository exhibits obvious abnormal signals, with approximately 23,000 highly homogenized forked repositories concentrated under the poly-stocks account. Attackers can steal local sensitive data such as crypto wallets, browser cookies, passwords, developer credentials, private keys, mnemonic phrases, and API tokens in source code.

Back to News Feed