Node-ipc supply chain attack targets crypto devs

May 16, 2026
3:59 am

Node-ipc supply chain attack targets crypto devs

Three poisoned versions of node-ipc went live on the npm registry on May 14, according to SlowMist. Attackers hijacked a dormant maintainer account and pushed code designed to siphon developer credentials, private keys, exchange API secrets, the works, straight out of .env files.

node-ipc is a popular Node.js package that lets different programs talk to each other on the same machine, or sometimes across a network.

SlowMist catches the breach

Blockchain security firm, SlowMist, spotted the breach through their MistEye threat intel system.

Versions 9.1.6, 9.2.3, and 12.0.1

MistEye found three malicious versions including:

Version 9.1.6.
Version 9.2.3.
Version 12.0.1.

All of the above verions carried the same obfuscated 80 KB…

Share this article

Node-ipc supply chain attack targets crypto devs

May 16, 2026

Myanmar proposes life in prison for crypto scam

May 16, 2026

Node-ipc supply chain attack targets crypto devs

May 16, 2026

Bitcoin Falls as Kospi Soars 77.9%; Korean Crypto Exchanges Face Squeeze

May 16, 2026

Grant Cardone Says Crypto Is A ‘Magnet For Degenerate Investing,’ Predicts Bitcoin Highs In 2026

May 16, 2026

Is Ally Financial (ALLY) Still Attractive After Strong Three Year Share Price Recovery?

May 16, 2026

Why Crypto’s Regulatory Gap Is Now an Institutional Problem

May 16, 2026

Is It Time To Reconsider Danaher (DHR) After The Recent Share Price Slump

May 16, 2026