North Korean hacking group Famous Chollima has been identified as the perpetrator behind a sophisticated attack on the open-source crypto trading project openpaw-graveyard. ReversingLabs discovered that the group used a malicious npm package named PromptMink, which was generated by Anthropic’s Claude Opus AI model, to steal cryptocurrency wallet credentials and system keys.
Since September 2025, Famous Chollima has employed a two-layer strategy to distribute these malicious npm packages. The group first releases a "bait" package devoid of harmful code, followed by a second-layer package that executes the attack. Whenever the second-layer package is removed, the group quickly deploys a replacement version and continues its malicious activity.
North Korean Hackers Exploit npm Package to Steal Crypto Wallet Credentials
