
Hackers Hijack Npm Packages to Steal Crypto Funds from Atomic and Exodus Wallets

Coin World | Sunday, Apr 13, 2025 6:41 am ET

A new and dangerous threat has emerged in the world of cryptocurrency, with hackers exploiting popular open-source tools to silently drain user funds. Cybersecurity researchers have uncovered a targeted malware campaign that manipulates npm (Node Package Manager) packages to infect cryptocurrency wallet applications like Atomic and Exodus, turning trusted software into silent thieves.

The attack highlights growing concerns around supply chain vulnerabilities in the software ecosystem, especially as threat actors become more creative and precise in their methods. The campaign begins innocently enough—developers or users install what appears to be a legitimate npm package, such as one named pdf-to-office. This package, like many others in the Node.js ecosystem, offers seemingly useful functionality. But hidden beneath the surface is malicious code designed to locate, tamper with, and hijack crypto wallet software.

Once installed on a system, the package quietly searches for known wallet applications. Its primary targets? The popular desktop wallets Atomic and Exodus. These apps, which are built using Electron (a framework that wraps web apps into desktop applications), are especially vulnerable to this type of tampering because of how their code is packaged. Here’s where it gets more sophisticated. The malware extracts the ASAR archive used by Electron apps—essentially the bundle that contains all the application’s files. Once extracted, it locates specific JavaScript files, often vendor files like vendors.64b69c3b00e2a7914733.js, and injects malicious payloads directly into them.

These payloads are engineered to intercept cryptocurrency transactions. So when an unsuspecting user sends funds using their wallet, the malicious code quietly swaps the destination wallet address with one controlled by the attackers. The user receives no warning, and the funds vanish, irretrievably, into a hacker’s pocket. To make matters worse, after the injection is complete, the package neatly repacks the files, leaving no visible signs of tampering. Everything continues to run as expected, making the malware extremely difficult for the average user to detect.
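Because the repacked archive looks normal to the user, one way to detect this tampering is to hash every file packed inside the wallet's ASAR archive and compare the result with a manifest taken from a known-good install. The following is an added example, not part of the original article or of either wallet's code; the header parsing follows Electron's ASAR layout, and the function names and the sample archive contents are constructed for illustration.

```javascript
const { createHash } = require('crypto');

// ASAR layout: uint32 LE header size at byte 4, JSON length at byte 12, JSON text from byte 16.
function readAsar(buf) {
  const header = JSON.parse(buf.toString('utf8', 16, 16 + buf.readUInt32LE(12)));
  return { header, dataStart: 8 + buf.readUInt32LE(4) };
}

// Walk the header tree and hash every packed file; returns { path: sha256 hex }.
function manifest(buf) {
  const { header, dataStart } = readAsar(buf);
  const out = {};
  (function walk(node, prefix) {
    for (const [name, entry] of Object.entries(node.files || {})) {
      const path = prefix + name;
      if (entry.files) { walk(entry, path + '/'); continue; }
      if (entry.unpacked || entry.link) continue; // content lives outside the archive
      const start = dataStart + Number(entry.offset), end = start + entry.size;
      if (end > buf.length) throw new Error('entry outside archive: ' + path);
      out[path] = createHash('sha256').update(buf.subarray(start, end)).digest('hex');
    }
  })(header, '');
  return out;
}

// Compare a current manifest with a known-good baseline; returns only the differences.
function diffManifests(baseline, current) {
  const names = [...new Set([...Object.keys(baseline), ...Object.keys(current)])].sort();
  return names
    .map((n) => ({ path: n, status: !(n in current) ? 'removed' : !(n in baseline) ? 'added'
      : baseline[n] !== current[n] ? 'modified' : 'same' }))
    .filter((c) => c.status !== 'same');
}

// Builds a small constructed archive (flat file map) so the example runs offline.
function buildAsar(files) {
  const header = { files: {} }, bodies = [];
  for (const [name, text] of Object.entries(files)) {
    const b = Buffer.from(text);
    header.files[name] = { size: b.length, offset: String(Buffer.concat(bodies).length) };
    bodies.push(b);
  }
  const json = Buffer.from(JSON.stringify(header));
  const padded = Math.ceil(json.length / 4) * 4; // pickle strings are 4-byte aligned
  const head = Buffer.alloc(16 + padded);
  [4, 8 + padded, 4 + padded, json.length].forEach((v, i) => head.writeUInt32LE(v, i * 4));
  json.copy(head, 16);
  return Buffer.concat([head, ...bodies]);
}
```

Against a real install, pass `manifest()` the bytes of the application's ASAR file and keep the baseline manifest from a freshly downloaded, verified installer of the same version.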

This type of attack is especially dangerous because it weaponizes trust—users think they’re installing legitimate tools, and even experienced developers may not notice anything amiss until it’s too late. Security experts are now urging developers and end-users to take several precautions: only install npm packages from verified, reputable authors, conduct regular audits of project dependencies, use tools to scan for suspicious or obfuscated code, and stay updated on known vulnerabilities, especially those affecting cryptocurrency tools and wallets.

The software supply chain has become one of the most vulnerable entry points for cybercriminals, and this incident is a stark reminder that crypto users are high-value targets. As cryptocurrency adoption grows, so does the sophistication of attacks aimed at stealing it. This isn’t just about wallet users losing money; it’s about trust in the infrastructure behind crypto. Open-source platforms like npm are incredible tools, but they also open doors for manipulation when oversight is lacking. To protect the crypto ecosystem, more robust security practices and better community awareness are urgently needed.

Hackers have been targeting cryptocurrency users by hijacking legitimate npm packages, injecting malicious code to redirect funds from cryptocurrency wallets. This sophisticated software supply chain attack highlights the growing threat to users' digital assets. The npm package manager, commonly used by JavaScript and Node.js developers, has become a vector for these attacks, with threat actors exploiting the trust placed in these packages to distribute malware. The malicious campaign specifically targets Atomic and Exodus wallets, two popular cryptocurrency storage solutions. By compromising the npm packages, hackers are able to inject code that can steal funds directly from users' wallets. This method of attack is particularly insidious because it leverages the trust that developers and users have in the npm ecosystem, making it difficult to detect and prevent.

The discovery of this attack underscores the importance of vigilance in the cybersecurity landscape. As cryptocurrency continues to gain popularity, it becomes an increasingly attractive target for cybercriminals. Users and developers must remain cautious and implement robust security measures to protect their digital assets. This includes regularly updating software, using reputable sources for packages, and being wary of any unusual activity or requests for sensitive information. The incident serves as a reminder of the evolving nature of cyber threats and the need for continuous monitoring and adaptation in security practices. As the digital landscape becomes more complex, so too do the methods employed by hackers. It is crucial for the industry to stay ahead of these threats by investing in advanced security technologies and fostering a culture of cybersecurity awareness.

Comments

SDDIYer80
04/13
npm: the new ATM for hackers, withdrawing your crypto without a PIN
c-digs
04/13
@SDDIYer80 npm: where hackers just YOLO on your crypto, no FOMO needed
pellosanto
04/13
Wow! The Peak Seeker algorithm successfully identified both trough and apex inflection points in NVDA equity's price action, while my execution latency resulted in material opportunity cost.
Disclaimer: The news articles available on this platform are generated in whole or in part by artificial intelligence and may not have been reviewed or fact checked by human editors. While we make reasonable efforts to ensure the quality and accuracy of the content, we make no representations or warranties, express or implied, as to the truthfulness, reliability, completeness, or timeliness of any information provided. It is your sole responsibility to independently verify any facts, statements, or claims prior to acting upon them. Ainvest Fintech Inc expressly disclaims all liability for any loss, damage, or harm arising from the use of or reliance on AI-generated content, including but not limited to direct, indirect, incidental, or consequential damages.