
Ethereum contracts push malware on npm
RL discovered how the crypto contracts were abused — and how this incident is tied to a larger campaign to promote malicious packages on top repositories.

RL researchers detected two Python libraries that are designed to steal sensitive data while posing as fixes for a popular cryptocurrency library.

Hacks of rspack, vant highlight the growing trend of cryptomining compromises spreading via top open-source packages.

A compromised build environment led to a malicious deployment of a popular AI library that had the potential of delivering other malware.

Two recent versions of the Solana web3.js open source library were infected with code to steal private keys, putting crypto platforms and wallets at risk.

RL has discovered a campaign using PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases, which are used for wallet recovery.