Three compromised versions of the node-ipc library, crucial for Node.js environments, have been identified, posing a significant threat to crypto developers. Security firm Slowmist reported on May 14 that versions 9.1.6, 9.2.3, and 12.0.1 of node-ipc were maliciously altered to steal over 90 types of credentials, including AWS keys and .env files, affecting over 822,000 weekly npm downloads. The attack exploits a dormant maintainer account, allowing the attacker to re-register an expired email domain and gain publish access. The malicious payload, embedded in the CommonJS bundle, activates automatically, exfiltrating data via DNS tunneling. Developers are urged to audit their projects for these versions and revert to clean releases to mitigate credential theft risks.