A new wave of cyberattacks is zeroing in on users of popular crypto wallets like Atomic and Exodus, with bad actors deploying tainted software packages to infiltrate systems and extract sensitive information, including private keys.
Security analysts at ReversingLabs uncovered the operation, which involves planting harmful code within npm libraries—tools often trusted and used by developers.
The attack is designed to silently compromise locally installed crypto wallets. By inserting a malicious patch, the attackers can tamper with the wallet interface, making it appear normal while redirecting crypto transfers to fraudulent addresses.
This type of assault, known as a software supply chain attack, is rapidly gaining traction among hackers. It reflects a broader pattern of increasingly advanced tactics targeting crypto users, as cybercriminals refine their methods to outmaneuver traditional security measures.
One such malicious payload was hidden in a seemingly harmless package labeled “pdf-to-office,” which served as a Trojan horse to carry out the exploit.
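For developers who want to check whether a project pulls in a flagged package such as the one named above, the following added example (not code from ReversingLabs or the article) audits the text of an npm `package-lock.json` for denylisted names, including transitive and aliased installs. Only the name "pdf-to-office" comes from the article; the lockfile contents, versions and other package names are constructed and hypothetical.

```javascript
// Added example. Only "pdf-to-office" comes from the article; extend DENYLIST from your own intel.
const DENYLIST = new Set(["pdf-to-office"]);

// "node_modules/a/node_modules/@s/b" -> "@s/b"; workspace paths are returned unchanged.
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? path : path.slice(i + "node_modules/".length);
}

// lockfileVersion 2/3: flat "packages" map keyed by install path.
// An aliased install carries the real package name in meta.name, so prefer it.
function scanPackages(packages, hits) {
  for (const [path, meta] of Object.entries(packages)) {
    if (path === "") continue; // the root project itself
    const name = meta.name || nameFromPath(path);
    if (DENYLIST.has(name)) hits.push({ name, version: meta.version, path });
  }
}

// lockfileVersion 1: nested "dependencies" tree, walked recursively.
function scanDependencies(deps, trail, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const chain = [...trail, name];
    if (DENYLIST.has(name)) hits.push({ name, version: meta.version, path: chain.join(" > ") });
    scanDependencies(meta.dependencies, chain, hits);
  }
}

// Returns every denylisted package found in the lockfile text, direct or transitive.
function auditLockfile(lockText) {
  const lock = JSON.parse(lockText);
  const hits = [];
  if (lock.packages) scanPackages(lock.packages, hits);
  else scanDependencies(lock.dependencies, [], hits);
  return hits;
}

// Constructed sample (v3): the package arrives transitively and again under a hypothetical alias.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-report-helper": { version: "2.1.0" },
    "node_modules/example-report-helper/node_modules/pdf-to-office": { version: "0.0.0-constructed" },
    "node_modules/example-converter-alias": { name: "pdf-to-office", version: "0.0.0-constructed" },
  },
});
console.log(auditLockfile(SAMPLE_LOCK));
```

A hit on a transitive path means the flagged package was pulled in by another dependency, so removing it requires tracing and replacing the parent package as well.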
Meanwhile, a broader picture of the threat landscape shows crypto hacks have inflicted massive financial damage in 2025. Data from security firm Hacken reveals that the first quarter alone saw nearly $2 billion in losses, with a staggering $1.4 billion lost in a single attack against Bybit in February.
Following that event, SafeWallet conducted a detailed investigation, revealing that the breach stemmed from a compromised developer machine. The attackers were able to seize Amazon Web Services session tokens and exploit internal systems to orchestrate the massive theft.