North Korean Hackers Use npm to Steal Credentials and Keys from Blockchain Developers

**North Korean Hackers Target Blockchain Developers in Massive npm Cryptocurrency Theft Campaign**

North Korean cybercriminals have launched a sophisticated attack on the cryptocurrency ecosystem, distributing over 300 malicious npm packages designed to steal Bitcoin wallet keys and blockchain developer credentials. The hackers employed deceptive tactics, creating packages with names mimicking popular libraries while using fake LinkedIn recruiter profiles to infiltrate automated dependency chains across DeFi projects.

This unprecedented supply chain attack compromised approximately 50,000 downloads before security firm Socket detected and reported the malicious packages, which were subsequently removed. The campaign specifically targeted blockchain developers working on cryptocurrency projects, potentially exposing private keys, wallet credentials, and sensitive smart contract data.

The incident highlights growing security vulnerabilities in the decentralized finance (DeFi) space, where developers frequently rely on third-party packages. As North Korea intensifies cryptocurrency theft operations to fund state activities, this npm attack represents a new vector threatening the broader blockchain ecosystem. The breach underscores the critical need for enhanced security protocols in cryptocurrency development workflows and stricter vetting of dependency packages used in Bitcoin and altcoin projects.