BTC $62,538.91 -0.79%
ETH $1,784.05 -0.05%
BNB $569.40 +0.01%
XRP $1.06 -0.97%
SOL $74.97 -2.11%
TRX $0.3245 -1.65%
DOGE $0.0721 -0.27%
ADA $0.1583 -0.99%
BCH $235.94 -0.93%
LINK $7.92 -0.79%
HYPE $63.53 -2.26%
AAVE $96.14 +0.84%
SUI $0.7301 -0.36%
XLM $0.1777 -3.18%
ZEC $503.12 -2.35%
BTC $62,538.91 -0.79%
ETH $1,784.05 -0.05%
BNB $569.40 +0.01%
XRP $1.06 -0.97%
SOL $74.97 -2.11%
TRX $0.3245 -1.65%
DOGE $0.0721 -0.27%
ADA $0.1583 -0.99%
BCH $235.94 -0.93%
LINK $7.92 -0.79%
HYPE $63.53 -2.26%
AAVE $96.14 +0.84%
SUI $0.7301 -0.36%
XLM $0.1777 -3.18%
ZEC $503.12 -2.35%

gui

All
Article
Flash

Security Alert: 30 malicious npm packages disguised as trading bot repositories, targeting the theft of developer keys and mnemonic phrases

SlowMist issued a security alert, detecting a coordinated malicious npm supply chain attack. The attackers utilized fake trading bot repositories and DeFi-themed npm packages to deploy JavaScript information stealers, targeting npm users, DeFi developers, and trading bot users.This attack involved 30 malicious npm packages, among which stake-math@3.5.4 appeared as a locked dependency in the donoaccestag/forex-mt5-trading-bot repository. This repository presented approximately 2300 highly homogeneous bulk-generated forks, mostly concentrated under the poly-stocks account, with signals being exceptionally clear. The sensitive data that attackers could steal is extensive, including cryptocurrency wallet libraries, browser cookies and saved passwords, browsing history, developer credentials, shell history, password manager libraries, private keys, mnemonic phrases, and API tokens exposed in source code.SlowMist recommends that developers immediately remove the affected npm packages, audit package.json and package-lock.json, and check CI logs for any of the 30 malicious packages; consider any system that has executed npm install as potentially compromised, rotate all exposed wallets, private keys, npm tokens, cloud credentials, SSH keys, and API tokens, and rebuild the affected environment from a clean image.

ForeGate releases the "ForeGate 2026 World Cup Winning Guide" research report, in collaboration with OneBullEx, supported by Michael Owen, OKX, and others

According to official news, the ForeGate supercomputing database, in collaboration with football legend Michael Owen, OneBullEx, OKX, and WEEX, has officially released the "ForeGate 2026 World Cup Winning Guide" match research report.This report focuses on the progress of the 2026 World Cup schedule in the US, Canada, and Mexico, conducting a systematic analysis of the qualification probabilities, advancement paths, championship probabilities, win-draw-loss trends, and betting tendencies of the 48 participating teams. The report combines the ForeGate AI prediction model with OKX data path simulations and continuously updates based on real-time match results, team conditions, and potential matchup changes. Currently, the comprehensive prediction accuracy of the related models has reached 93.8%, demonstrating strong data analysis capabilities in aspects such as match result response, point calibration, and advancement path judgment.ForeGate stated that during the World Cup, it will continuously update prediction content based on match results, team conditions, and model simulation results to help users understand the probabilistic logic behind schedule changes. Meanwhile, the ForeGate World Cup million-dollar prediction event is also in full swing, where users can participate in match predictions to share in the million-dollar rewards.As the World Cup schedule continues to progress, OneBullEx will combine the match data and related content from the report to keep a close eye on the dynamics of the matches, further enriching community participation and match discussions during the World Cup, providing users with more reference perspectives for observing match trends.
app_icon
ChainCatcher Building the Web3 world with innovations.