• bitcoinBitcoin (BTC) $ 61,741.00
  • ethereumEthereum (ETH) $ 1,701.04
  • tetherTether (USDT) $ 0.999053
  • bnbBNB (BNB) $ 560.57
  • usd-coinUSDC (USDC) $ 0.999832
  • xrpXRP (XRP) $ 1.09
  • solanaSolana (SOL) $ 80.89
  • tronTRON (TRX) $ 0.317646
  • staked-etherLido Staked Ether (STETH) $ 2,265.05
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.03
  • hyperliquidHyperliquid (HYPE) $ 66.80
  • dogecoinDogecoin (DOGE) $ 0.074360
  • rainRain (RAIN) $ 0.015489
  • usdsUSDS (USDS) $ 0.999793
  • leo-tokenLEO Token (LEO) $ 9.12
  • wrapped-stethWrapped stETH (WSTETH) $ 2,779.67
  • zcashZcash (ZEC) $ 442.18
  • stellarStellar (XLM) $ 0.199807
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 76,243.00
  • whitebitWhiteBIT Coin (WBT) $ 55.81
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.998762
  • cardanoCardano (ADA) $ 0.159515
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 2,466.93
  • moneroMonero (XMR) $ 314.86
  • chainlinkChainlink (LINK) $ 7.77
  • canton-networkCanton (CC) $ 0.138015
  • wrapped-eethWrapped eETH (WEETH) $ 2,465.31
  • daiDai (DAI) $ 0.999868
  • usd1-wlfiUSD1 (USD1) $ 0.998512
  • susdssUSDS (SUSDS) $ 1.08
  • the-open-networkGram (prev. Toncoin) (GRAM) $ 1.65
  • ethena-usdeEthena USDe (USDE) $ 0.998609
  • bitcoin-cashBitcoin Cash (BCH) $ 220.97
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 76,366.00
  • litecoinLitecoin (LTC) $ 43.66
  • hedera-hashgraphHedera (HBAR) $ 0.073421
  • labLAB (LAB) $ 10.10
  • wethWETH (WETH) $ 2,268.37
  • hashnote-usycCircle USYC (USYC) $ 1.13
  • global-dollarGlobal Dollar (USDG) $ 1.00
  • suiSui (SUI) $ 0.737936
  • usdt0USDT0 (USDT0) $ 0.998824
  • avalanche-2Avalanche (AVAX) $ 6.75
  • paypal-usdPayPal USD (PYUSD) $ 0.999882
  • crypto-com-chainCronos (CRO) $ 0.056302
  • shiba-inuShiba Inu (SHIB) $ 0.000004
  • nearNEAR Protocol (NEAR) $ 1.94
  • tether-goldTether Gold (XAUT) $ 4,114.00
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.14
  • memecoreMemeCore (M) $ 1.58
  • bittensorBittensor (TAO) $ 210.78
  • uniswapUniswap (UNI) $ 3.26
  • pax-goldPAX Gold (PAXG) $ 4,116.65
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.057843
  • aster-2Aster (ASTER) $ 0.634574
  • okbOKB (OKB) $ 80.55
  • ripple-usdRipple USD (RLUSD) $ 0.999940
  • ondo-financeOndo (ONDO) $ 0.332036
  • little-pepe-5Little Pepe (LILPEPE) $ 2.16
  • htx-daoHTX DAO (HTX) $ 0.000002
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • mantleMantle (MNT) $ 0.440946
  • polkadotPolkadot (DOT) $ 0.845639
  • falcon-financeFalcon USD (USDF) $ 0.996156
  • usddUSDD (USDD) $ 1.00
  • worldcoin-wldWorldcoin (WLD) $ 0.392286
  • morphoMorpho (MORPHO) $ 2.11
  • skySky (SKY) $ 0.057696
  • aaveAave (AAVE) $ 87.29
  • bfusdBFUSD (BFUSD) $ 0.998580
  • pi-networkPi Network (PI) $ 0.116618
  • internet-computerInternet Computer (ICP) $ 2.20
  • bitget-tokenBitget Token (BGB) $ 1.69
  • ethereum-classicEthereum Classic (ETC) $ 7.10
  • dexeDeXe (DEXE) $ 22.94
  • pepePepe (PEPE) $ 0.000002
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.00
  • united-stablesUnited Stables (U) $ 0.999798
  • kucoin-sharesKuCoin (KCS) $ 7.13
  • quant-networkQuant (QNT) $ 67.22
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.21
  • blockchain-capitalBlockchain Capital (BCAP) $ 106.97
  • jito-staked-solJito Staked SOL (JITOSOL) $ 124.46
  • audieraAudiera (BEAT) $ 2.96
  • usdgoUSDGO (USDGO) $ 1.00
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,404.69
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.11
  • kaspaKaspa (KAS) $ 0.030784
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,262.26
  • superstate-short-duration-us-government-securities-fund-ustbInvesco Short Duration US Government Securities Fund (USTB) $ 11.13
  • rocket-pool-ethRocket Pool ETH (RETH) $ 2,631.35
  • stable-2​​Stable (STABLE) $ 0.034181
  • render-tokenRender (RENDER) $ 1.59
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999945
  • jupiter-exchange-solanaJupiter (JUP) $ 0.242514
  • cosmosCosmos Hub (ATOM) $ 1.55
  • wbnbWrapped BNB (WBNB) $ 759.61
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.074746
  • ignition-fbtcFunction FBTC (FBTC) $ 76,389.00
  • algorandAlgorand (ALGO) $ 0.086623
  • nexoNEXO (NEXO) $ 0.774615
  • justJUST (JST) $ 0.088316
  • usdtbUSDtb (USDTB) $ 1.00
  • ethenaEthena (ENA) $ 0.076638
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • gatechain-tokenGate (GT) $ 6.69
  • adi-tokenADI (ADI) $ 5.60
  • beldexBeldex (BDX) $ 0.087735
  • binance-staked-solBinance Staked SOL (BNSOL) $ 108.24
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.04
  • bianrensheng币安人生 (BinanceLife) (币安人生) $ 0.679825
  • spiko-amundi-overnight-swap-fund-eurSpiko Amundi Overnight Swap Fund (EUR) (EURSAFO) $ 1.15
  • venice-tokenVenice Token (VVV) $ 13.52
  • pump-funPump.fun (PUMP) $ 0.001553
  • filecoinFilecoin (FIL) $ 0.780695
  • new-x-ceo-is-backNEW X CEO IS BACK (XFLOKI) $ 0.506041
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999720
  • ghoGHO (GHO) $ 0.998096
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 76,461.00
  • flare-networksFlare (FLR) $ 0.006721
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 76,491.00
  • xdce-crowd-saleXDC Network (XDC) $ 0.028488
  • yldsYLDS (YLDS) $ 0.999850
  • usual-usdUsual USD (USD0) $ 0.998609
  • clbtcclBTC (CLBTC) $ 76,920.00
  • lighterLighter (LIT) $ 2.11
  • midnight-3Midnight (NIGHT) $ 0.031151
  • usxUSX (USX) $ 1.00
  • aptosAptos (APT) $ 0.611427
  • hash-2Provenance Blockchain (HASH) $ 0.009099
  • arbitrumArbitrum (ARB) $ 0.078023
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,419.84
  • true-usdTrueUSD (TUSD) $ 0.997629
  • a7a5A7A5 (A7A5) $ 0.012416
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 33.97
  • aerodrome-financeAerodrome Finance (AERO) $ 0.505548
  • tbtctBTC (TBTC) $ 70,942.00
  • injective-protocolInjective (INJ) $ 4.62
  • dashDash (DASH) $ 34.65
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.37
  • euro-coinEURC (EURC) $ 1.14
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.186757
  • ousgOndo Short-Term U.S. Government Bond Fund (OUSG) $ 115.75
  • official-trumpOfficial Trump (TRUMP) $ 1.70
  • c8ntinuumc8ntinuum (CTM) $ 0.087592
  • hastra-primeHastra PRIME (PRIME) $ 1.05
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,455.82
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.006344
  • vechainVeChain (VET) $ 0.004605
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999983
  • bonkBonk (BONK) $ 0.000004
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • jito-governance-tokenJito (JTO) $ 0.757892
  • cocaCOCA (COCA) $ 1.30
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.557890
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.996995
  • celestiaCelestia (TIA) $ 0.367948
  • doge-strategyDoge Strategy (DOGESTR) $ 0.288297
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,406.26
  • spx6900SPX6900 (SPX) $ 0.370619
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 76,200.00
  • terra-lunaTerra Luna Classic (LUNC) $ 0.000061
  • sei-networkSei (SEI) $ 0.047830
  • sun-tokenSun Token (SUN) $ 0.016694
  • the9bitThe9bit (9BIT) $ 0.042627
  • apxusdapxUSD (APXUSD) $ 0.860444
  • wrapped-flareWrapped Flare (WFLR) $ 0.009961
  • grassGrass (GRASS) $ 0.507891
  • kinesis-goldKinesis Gold (KAU) $ 133.77
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,266.86
  • curve-dao-tokenCurve DAO (CRV) $ 0.204649
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.12
  • pyth-networkPyth Network (PYTH) $ 0.039137
  • blockstackStacks (STX) $ 0.165978
  • ether-fiEther.fi (ETHFI) $ 0.328646
  • bitcoin-svBitcoin SV (BSV) $ 14.07
  • gnosisGnosis (GNO) $ 104.39
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.59
  • bittorrentBitTorrent (BTT) $ 0.00000027
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 2,443.47
  • pendlePendle (PENDLE) $ 1.52
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,421.84
  • ethgas-2ETHGas (GWEI) $ 0.123749
  • noonNoon (NOON) $ 0.751949
  • apenftAINFT (NFT) $ 0.00000026
  • royal-dollarRoyal Dollar (RUSD) $ 0.998700
  • sbtc-2sBTC (SBTC) $ 77,039.00
  • build-onBUILDon (B) $ 0.259369
  • kite-2Kite (KITE) $ 0.105316
  • plasmaPlasma (XPL) $ 0.095404
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 115.56
  • olympusOlympus (OHM) $ 16.60
  • savings-usddSavings USDD (SUSDD) $ 1.03
  • fraxLegacy Frax Dollar (FRAX) $ 0.990982
  • monadMonad (MON) $ 0.020053
  • zebec-networkZebec Network (ZBCN) $ 0.002396
  • msolMarinade Staked SOL (MSOL) $ 133.18
  • tezosTezos (XTZ) $ 0.214575

Axios supply chain attack raises risk to crypto wallets

0 0


Axios, one of the most popular JavaScript libraries, may be compromised and involved in a crypto wallet attack. The npm package attack is becoming more common, directly attacking projects, developers, and end users.

An Axios npm package was published to the official JavaScript library, and unpublished just hours later. On-chain security experts intercepted the attack, which was active for around three hours.

@npmjs @GHSecurityLab there is an active supply chain attack on axios@1.14.1 which pulls in a malicious package published today – plain-crypto-js@4.2.1 – someone took over a maintainer account for Axios

— Maxwell (@mvxvvll) March 31, 2026

The npm packages were compromised through the credentials of @jasonsaayman, as researchers still looked for signs that the account was compromised. The affected packages were identified as axios@1.14.1 and axios@0.30.4.

As Cryptopolitan reported earlier, npm attacks often target crypto wallets and are especially risky for decentralized projects with large team holdings.

What happened in the Axios npm attack?

StepSecurity was among the first to identify the issue. Two malicious versions of the Axios HTTP client library were published through the compromised credentials of a lead Axios maintainer, bypassing the normal publishing pipeline on GitHub.

According to StepSecurity, this was the most sophisticated attack against a widely used top-10 npm package. The malicious package version injects a new dependency, plain-crypto-js@4.2.1, which is not imported in the axios source code. The dependency runs a post-install script, active on all operating systems.

After using the npm, the client is infected with a remote access trojan dropper, which has a live server and delivers the payloads. The malware also deletes itself and replaces the suspect .json with a clean version to evade detection.

Which types of projects were affected?

The npm packages were among the most popular, with up to 100M weekly downloads. However, at this point, there are no reports of unauthorized crypto movement. Previously, an npm attack led to only $1,000 of crypto losses from obscure tokens.

The only way to limit malicious npm is to track versions and not allow automated upgrades, or check new versions for potential malicious uploads.

New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads.

Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily)…

— Andrej Karpathy (@karpathy) March 31, 2026

Researchers also discovered two additional malicious packages delivering payloads the same way – @shadanai/openclaw and @qqbrowser/openclaw-qbot. The attack follows the LiteLLM malicious code injection by just a week.

There is no report of Web3 or OpenClaw projects being affected or any crypto stolen, for the duration of the attack. However, warnings were issued that npm attacks may now become the norm, either through stolen credentials or unauthorized publishers. The threat follows previous warnings on malicious code using the OpenClaw skill platform.

The packages are not limited to Web3 or bot projects, and may affect any payloads linked to crypto wallets. The loss of trust in npm and pip installs for Python may also erode the general trust in the library ecosystem, with calls for a more secure upload path.

The usage of AI agents may also lead to indiscriminate package downloading, spreading the threat. The actual effects on crypto wallets may not be immediate, but they still potentially expose wallet data.



Source link

Leave A Reply

Your email address will not be published.