Researchers warned that crypto developers are being targeted by malicious software packages that can slip into projects through AI coding tools and steal wallet credentials, passwords and funds.
ReversingLabs said its researchers found that a package called @validate-sdk/v2, which appeared to be a normal data-validation tool, was actually designed to steal sensitive information from the systems where it was installed.
ReversingLabs said the malicious package reached the crypto trading agent through another crypto-related package that had been added with help from Anthropic’s Claude Opus.
Crypto wallets were the main target
The campaign, which ReversingLabs named PromptMink, was aimed at crypto and Web3 developers, using packages that looked useful for Solana, Ethereum and trading-related projects.
The real danger lies in how ordinary the package looked, appearing to be a useful crypto tool while quietly searching for wallet keys, passwords, API tokens and other secrets once installed.
For crypto users and developers, that kind of theft can be especially damaging because leaked keys or credentials may allow attackers to not only drain wallets, but also access trading accounts, steal project data and take over parts of a project’s infrastructure.
AI coding tools were tricked
ReversingLabs said the campaign shows attackers are no longer trying only to fool human developers, but are also shaping malicious packages to appeal to AI coding agents that recommend or add software tools during development.
In this case, the malicious package was not added directly. A first package appeared harmless and crypto-focused, while a second package carried the stealing function. That two-step approach made the attack harder to spot and allowed attackers to replace the malicious layer when one package was detected or removed.
Researchers said the campaign showed signs of AI-assisted malware development, including comments and code patterns that appeared to come from large language models.
North Korea-linked group blamed
ReversingLabs attributed the campaign to Famous Chollima, a North Korea-linked threat group previously tied to attacks on crypto developers. The firm said it found more than 60 packages and hundreds of published versions connected to the wider campaign over several months.
The operation evolved over time, moving from basic information theft to more aggressive techniques, including attempts to add remote access keys and steal entire project folders. That means the risk was not limited to crypto funds, but also included source code and intellectual property.
What developers can do now
The main lesson is simple: crypto teams cannot rely on package names, polished documentation or AI recommendations alone.
Developers should review new dependencies before adding them, scan open-source packages for malware, avoid installing unknown crypto libraries without checks, and treat AI-generated code changes as suggestions that still need human review. Teams should also protect wallet keys and API tokens, avoid storing secrets in exposed project files, and monitor builds for unexpected package changes.





