822K Downloads at Risk: Malicious node-ipc Versions Spotted Stealing AWS and Private Keys

Three malicious versions of node-ipc, a foundational Node.js library used across Web3 build pipelines, were confirmed compromised on May 14, with security firm Slowmist warning that crypto developers relying on the package face immediate credential theft risk. Developer Secrets at Stake Blockchain security firm Slowmist flagged the attack via its Misteye threat intelligence system, identifying […]