Crypto investors were put on alert after cybersecurity firm Safety revealed on July 31 that a malicious JavaScript package designed with artificial intelligence (AI) had been used to steal funds from crypto wallets. Disguised as a benign utility called @kodane/patch-manager on the Node Package Manager (NPM) registry, the package contained embedded scripts engineered to drain wallet balances. Paul McCarty, head of research at Safety, explained:

Safety’s malicious package detection technology has discovered an AI-generated malicious NPM package that functions as a sophisticated cryptocurrency wallet drainer, highlighting how threat actors are leveraging AI to create more convincing and dangerous malware.

The package executed scripts post-installation, deploying renamed files—monitor.js, sweeper.js, and utils.js—into hidden directories across Linux, Windows, and macOS systems. A background script, connection-pool.js, maintained an active connection to a command-and-control (C2) server, scanning infected devices for wallet files. Once detected, transaction-cache.js initiated the actual theft: “When a crypto wallet file is found, this file actually does the ‘sweeping’ which is the draining of funds from the wallet. It does this by identifying what’s in the wallet, then draining most of it.”

The stolen assets were routed through a hardcoded Remote Procedure Call (RPC) endpoint to a specific address on the Solana blockchain. McCarty added:

The drainer is designed to steal funds from unsuspecting developers and their applications’ users.

Published on July 28 and removed by July 30, the malware was downloaded over 1,500 times before NPM flagged it as malicious. Safety, based in Vancouver, is known for its prevention-first approach to software supply chain security. Its AI-driven systems analyze millions of open-source package updates, maintaining a proprietary database that detects four times more vulnerabilities than public sources. The firm’s tools are used by individual developers, Fortune 500 companies, and government agencies.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。