Supply chain attack hits Axios npm releases, users urged to rotate keys

Source: Cointelegraph

Update March 31, 2026, 1:28 pm UTC: This article has been updated to add comments from Abdelfattah Ibrahim, senior offensive security engineer at Hacken.

Two malicious Axios npm releases have prompted warnings for developers to rotate credentials and treat affected systems as compromised after a supply chain attack poisoned the popular JavaScript HTTP client library.

axios@1.14.1 and axios@0.30.4 were modified to pull in plain-crypto-js@4.2.1, a malicious dependency that ran automatically during installation before the releases were removed from npm. According to security company OX Security, the altered code can give attackers remote access to infected devices, allowing them to steal sensitive data such as login credentials, API keys and crypto wallet information.

The incident shows how a single compromised open-source component can potentially ripple across thousands of applications that rely on it, exposing not just developers but also platforms and users connected to the system. OX Security warned developers who installed axios@1.14.1 or axios@0.30.4 to treat their systems as fully compromised and immediately rotate credentials, including API keys and session tokens.

Socket said the compromised Axios releases were modified to include a dependency on plain-crypto-js@4.2.1, a package published shortly before the incident and later identified as malicious. The company said the dependency was configured to run automatically during installation through a post-install script, allowing attackers to execute code on target systems without additional user interaction. Socket advised developers to review their projects and dependency files for the affected Axios versions and the associated plain-crypto-js@4.2.1 package, and to remove or roll back any compromised versions immediately.

Abdelfattah Ibrahim, senior offensive security engineer at Hacken, told Cointelegraph that the compromise could have serious implications for crypto-related applications that rely on Axios for backend operations. “That’s bad news for dapps and apps that deal with cryptocurrency because Axios plays a huge role in API calls,” he said, noting that affected systems could include exchange integrations, wallet balance checks and transaction broadcasts.

Ibrahim said the malware deployed in the attack functions as a full remote access trojan, allowing attackers to interact directly with compromised systems. He added that the incident highlights a broader weakness in how supply chain risks are handled.

Cybersecurity researcher Vladimir S. said the incident was potentially linked to a December breach affecting Trust Wallet, which resulted in roughly $7 million in losses across over 2,500 wallets.
