Cybersecurity researchers have identified a new exploit targeting users of the Atomic and Exodus wallets. This exploit involves threat actors uploading malicious software packages to online coding repositories, especially within npm software packages. The malicious code is cleverly hidden in seemingly legitimate packages, such as the pdf-to-office bundle. Once installed, this code compromises the wallets by overwriting user interface files, tricking users into sending their cryptocurrency to scam addresses. The latest threat highlights the rising trend of software supply chain attacks aimed at cryptocurrency holders. According to the cybersecurity firm Hacken, crypto hacks and exploits had resulted in approximately $2 billion in losses in the first quarter of 2025, exacerbated by a significant hack in February. Additionally, techniques like address poisoning attacks are being used, where scammers generate malicious addresses that closely resemble previously used ones, increasing the likelihood that victims will mistakenly send funds to them.

Source đź”—