-
Cybercriminals are using malicious packages to target users of Atomic and Exodus crypto wallets.
-
The malware hijacks clipboard data and secretly redirects crypto transactions to attacker-controlled wallets.
-
Security experts warn that these sophisticated supply chain attacks underline escalating threats to crypto users.
Malicious packages are compromising Atomic and Exodus crypto wallets, highlighting significant security threats in cryptocurrency. Stay vigilant!
How Hackers are Targeting Atomic and Exodus Wallets
ReversingLabs, a cybersecurity firm, has uncovered a malicious campaign where attackers compromised Node Package Manager (NPM) libraries.
These libraries, often disguised as legitimate tools like PDF-to-Office converters, carry hidden malware. Once installed, the malicious code executes a multi-phase attack.
First, the software scans the infected device for crypto wallets. Then, it injects harmful code into the system. This includes a clipboard hijacker that silently alters wallet addresses during transactions, rerouting funds to wallets controlled by the attackers.
Moreover, the malware also collects system details and monitors how successfully it infiltrated each target. This intelligence allows threat actors to improve their methods and scale future attacks more effectively.
Meanwhile, ReversingLabs also noted that the malware maintains persistence. Even if the deceptive package, such as pdf-to-office, is deleted, remnants of the malicious code remain active.
To fully cleanse a system, users must uninstall affected crypto wallet software and reinstall from verified sources.
Indeed, security experts noted that the scope of the threat highlights the growing software supply chain risks threatening the industry.
“The frequency and sophistication of software supply chain attacks that target the cryptocurrency industry are also a warning sign of what’s to come in other industries. And they’re more evidence of the need for organizations to improve their ability to monitor for software supply chain threats and attacks,” ReversingLabs stated.
This week, Kaspersky researchers reported a parallel campaign using SourceForge, where cybercriminals uploaded fake Microsoft Office installers embedded with malware.
These infected files included clipboard hijackers and crypto miners, posing as legitimate software but operating silently in the background to compromise wallets.
The incidents highlight a surge in open-source abuse and present a disturbing trend of attackers increasingly hiding malware inside software packages developers trust.
Considering the prominence of these attacks, crypto users and developers are urged to remain vigilant, verify software sources, and implement strong security practices to mitigate growing threats.
According to DeFiLlama, over $1.5 billion in crypto assets were lost to exploits in Q1 2025 alone. The largest incident involved a $1.4 billion Bybit breach in February.
Conclusion
The landscape of cryptocurrency security is rapidly evolving, as the increasing sophistication of cyber attacks poses significant threats to users. Vigilance and proactive security measures are essential to safeguarding digital assets against these persistent threats.
