Cybercriminals have found a new attack vector, targeting users of the Atomic and Exodus wallets through open-source software repositories. The latest wave of exploits involves distributing malware-laced packages to compromise private keys and drain digital assets.

How Hackers Target Atomic and Exodus Wallets

ReversingLabs, a cybersecurity company, discovered a malicious campaign in which attackers compromised Node Package Manager (NPM) libraries. These libraries, often disguised as legitimate tools such as PDF-to-Office converters, contain hidden malware.

Once installed, the malicious code carries out an attack in several phases. First, the software scans the infected device for crypto wallets. Then it injects harmful code into the system. This includes a clipboard hijacker that silently alters wallet addresses during transactions, redirecting the funds to wallets controlled by the attackers.

Image: Malicious code targeting Atomic and Exodus wallets.

In addition, the malware collects system details and monitors how successfully it infiltrated each target. This information allows the threat actors to improve their methods and better organize their future attacks.

ReversingLabs also noted that the malware maintains persistence. Even if the deceptive package, such as PDF-to-Office, is deleted, traces of the malicious code remain active. To completely clean a system, users must uninstall the affected crypto wallet software and reinstall it from verified sources.

Security experts noted that the extent of the threat highlights the growing software supply chain risks that threaten the industry.

“The frequency and sophistication of software supply chain attacks that target the cryptocurrency industry are also a warning sign of what could happen in other industries. And they are additional proof of the need for organizations to improve their ability to monitor threats and attacks on the software supply chain,” said ReversingLabs.

This week, Kaspersky researchers reported a parallel campaign using SourceForge, where cybercriminals uploaded fake Microsoft Office installers containing malware. These infected files included clipboard hijackers and crypto miners, posing as legitimate software but operating silently in the background to compromise wallets.

These incidents highlight an increase in open-source abuse and point to a disturbing trend in which attackers increasingly hide malware inside software packages that developers trust.

Given the significance of these attacks, crypto users and developers are urged to remain vigilant, verify software sources, and implement strong security practices to mitigate growing threats.

According to DefiLlama, more than $1.5 billion in crypto assets was lost to exploits in the first quarter of 2025 alone. The largest incident involved a $1.4 billion breach at Bybit in February.

Disclaimer: In accordance with the guidelines of The Trust Project, BeInCrypto is committed to providing impartial and transparent information. This article aims to provide accurate and relevant information. However, readers are advised to verify the facts on their own and consult a professional before making a decision based on this content.