Crypto Wallet Users Targeted by Malicious Software in Supply Chain Attack

Threat actors are targeting users of the Atomic and Exodus wallets by uploading malicious software packages to online coding repositories in order to steal crypto private keys, as reported by cybersecurity professionals. The exploit involves hiding malicious code within seemingly legitimate npm software packages, which are widely used by software developers. These packages target locally installed files of the Atomic Wallet and Exodus Wallet, compromising the user interface and tricking victims into sending crypto to scam addresses. The industry faces an emerging threat from software supply chain attacks, with hackers continuously evolving their methods to avoid detection and steal user funds. In Q1 2025, the crypto industry suffered approximately $2 billion in losses due to hacks and exploits, including the $1.4 billion Bybit hack in February.