npm Malicious Packages: Crypto-Wallet Credential Theft Campaign
Author: CyberDudeBivash





 Powered by: cyberdudebivash.com | cyberbivash.blogspot.com | cryptobivash.code.blog

What happened

Security researchers uncovered four npm packages posing as cryptographic/Flashbots utilities that exfiltrate wallet private keys and seed phrases from developers' machines to a Telegram bot, a coordinated supply-chain attack on Web3 builders. (Sources: Socket, The Hacker News)

Packages & publisher

  • @flashbotts/ethers-provider-bundle

  • flashbot-sdk-eth

  • sdk-ethers

  • gram-utilz

Publisher alias: flashbotts (email aning2028@gmail[.]com). Note the scope is spelled @flashbotts with two t's; the legitimate Flashbots package is published under the @flashbots scope, so check the spelling character by character. The exfil path includes Telegram bot ID 8083151136 and a hard-coded SMTP transport; one package also force-redirects unsigned transactions to the wallet 0x38F528E7…E3E02. (Source: Socket)

Note: Similar npm crypto-theft waves have hit recently (e.g., nodejs-smtp, the Nx incident), underscoring sustained targeting of developer toolchains. (Sources: The Hacker News, TechRadar)


Indicators of Compromise (quick copy)

  • Installed any of: @flashbotts/ethers-provider-bundle, flashbot-sdk-eth, sdk-ethers, gram-utilz (including as transitive dependencies)

  • Outbound traffic to the Telegram Bot API (api.telegram.org) carrying the bot ID listed above, or to smtp.mailtrap.io:2525, during npm install or at runtime

  • Wallet drains or transactions unexpectedly retargeted to 0x38F528E7…E3E02 (Source: Socket)


What to do now (prioritized)

  1. Immediately remove the four packages from any projects and rotate all exposed secrets (private keys, mnemonics, env vars). Treat any wallet whose key was present on an affected machine as compromised and move funds out of it. (Source: Socket)

  2. Audit your dependency tree, including transitive installs, using the exact names: npm ls --all 2>/dev/null | grep -E "(@flashbotts/ethers-provider-bundle|flashbot-sdk-eth|sdk-ethers|gram-utilz)", and grep package-lock.json / yarn.lock for the same names. Match the scoped name in full: a pattern on "ethers-provider-bundle" alone also hits the legitimate @flashbots/ethers-provider-bundle.

  3. Lock & verify: enforce lockfiles (npm ci in CI), enable immutable installs, pin exact versions, and consider ignore-scripts=true in .npmrc so package lifecycle scripts cannot run during install.

  4. Runtime egress controls in CI/dev: block Telegram, SMTP and unknown domains during builds so exfil attempts fail and show up in proxy or firewall logs.

  5. Use supply-chain scanners (e.g., Socket, Snyk) and enable guardrails for AI code assistants to prevent installs of hallucinated or look-alike package names. (Sources: Socket, TechRadar)

  6. Principle of least privilege for tokens: use scoped, read-only npm/GitHub tokens; store secrets in a vault, not .env files synced to repos.

  7. Hunt for artifacts: search proxy, DNS and npm debug logs for the bot ID and the Mailtrap host; review git history (e.g., git log -p -- package.json package-lock.json) for added dependencies matching the above names. (Source: Socket)
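As an added example (not code from the advisory, from Socket, or from any of the sources cited), the following Node.js script implements steps 2 and 7 above for the IoCs this page lists: it walks a parsed package-lock.json (lockfile v1 nested tree or v2/v3 flat packages map) for the four exact package names, refusing to match the legitimate @flashbots scope, and scans arbitrary text (package source, npm debug log, proxy log) for the bot ID, Mailtrap host and the published prefix of the attacker wallet. The sample lockfile and log line are constructed for the demonstration; the wallet address is truncated on the page, so only its visible prefix is used.

```javascript
// Added example: audit an npm lockfile for the four malicious packages and
// scan text for the advisory's IoC strings. Not the advisory's own tooling.

// Exact package names from the advisory. The scope is "@flashbotts" (two t's);
// the legitimate "@flashbots/ethers-provider-bundle" must NOT match.
const MALICIOUS_PACKAGES = new Set([
  '@flashbotts/ethers-provider-bundle',
  'flashbot-sdk-eth',
  'sdk-ethers',
  'gram-utilz',
]);

// IoC strings from the advisory. The wallet is truncated on the page, so only
// its published prefix is searched for.
const IOC_STRINGS = [
  '8083151136',        // Telegram bot ID used in the exfil path
  'smtp.mailtrap.io',  // hard-coded SMTP transport host
  '0x38F528E7',        // prefix of the attacker wallet (full address not on the page)
];

// Maps a lockfile v2/v3 "packages" key such as
// "node_modules/some-helper/node_modules/@flashbotts/ethers-provider-bundle"
// to the package name after the last "node_modules/" segment.
function packageNameFromLockKey(key) {
  const marker = 'node_modules/';
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Returns every install path in a parsed package-lock.json (v1, v2 or v3)
// whose package name is on the malicious list. Nested (transitive) installs
// are included; entries found in both v2 maps are reported once.
function findMaliciousPackages(lock) {
  const hits = [];
  // v2/v3: flat map keyed by install path; "" is the root project itself.
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === '') continue;
    const name = packageNameFromLockKey(key);
    if (MALICIOUS_PACKAGES.has(name)) hits.push({ name, path: key, version: meta.version });
  }
  // v1 (and the legacy "dependencies" tree kept in v2): recursive tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (MALICIOUS_PACKAGES.has(name) && !hits.some((h) => h.path === path)) {
        hits.push({ name, path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Returns the IoC strings present in a block of text (source, log lines, etc.).
function findIocStrings(text) {
  return IOC_STRINGS.filter((s) => text.includes(s));
}

// Constructed sample lockfile (not real data): one direct malicious package,
// one nested one, and the legitimate Flashbots package as a negative control.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-bot', version: '1.0.0' },
    'node_modules/@flashbots/ethers-provider-bundle': { version: '1.0.0' },
    'node_modules/@flashbotts/ethers-provider-bundle': { version: '0.0.2' },
    'node_modules/some-helper': { version: '2.1.0' },
    'node_modules/some-helper/node_modules/sdk-ethers': { version: '1.2.3' },
  },
};

// Constructed sample egress-proxy log line (format is hypothetical).
const SAMPLE_LOG = 'CONNECT smtp.mailtrap.io:2525 from build-runner-03';

console.log(findMaliciousPackages(SAMPLE_LOCK));
console.log(findIocStrings(SAMPLE_LOG));
```

Feed it the real lockfile with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and point `findIocStrings` at the concatenated contents of node_modules or your CI proxy logs; the exact-name set avoids the false positive that a loose substring such as "ethers-provider-bundle" produces against the genuine Flashbots package.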


One-paragraph summary for your readers

A threat actor published four npm packages, @flashbotts/ethers-provider-bundle, flashbot-sdk-eth, sdk-ethers and gram-utilz, that masquerade as Flashbots/crypto tools but steal wallet secrets to a Telegram bot and can even redirect unsigned transactions to an attacker wallet. Remove them, rotate keys, lock your supply chain, and block egress to Telegram/SMTP during builds. (Source: Socket)



#CyberDudeBivash #npmSecurity #SoftwareSupplyChain #Web3 #CryptoWallets #MaliciousPackages #Flashbots #OSS #ThreatIntel #CyberDefense
