SlowMist has identified a cross-registry supply chain attack targeting developers in the cryptocurrency, DeFi, Solana, Sui/Move, and AI sectors. The attack, detected by SlowMist's MistEye system, involves over 34 malicious packages and more than 384 versions across npm, PyPI, and Crates.io registries. These packages aim to steal sensitive information such as crypto wallets, SSH keys, and cloud credentials. The attack employs various methods to maintain persistence, including Git hooks and systemd. SlowMist advises developers to remove affected packages, isolate compromised systems, rotate credentials, and rebuild environments from clean images. A thorough review of GitHub, cloud services, and wallet activities is also recommended to mitigate risks.