Malicious npm Dependency Targets Crypto Wallets with AI-Assisted Code
A malicious npm dependency, linked to an AI-assisted code commit, has been discovered stealing sensitive data and targeting cryptocurrency wallets. Researchers at ReversingLabs identified the package, disguised as a validation tool, which enabled attackers to exfiltrate secrets and access funds. The activity, known as PromptMink, involved the package @validate-sdk/v2, added to an autonomous trading agent in February 2026. The attack is attributed to the North Korean state-sponsored group Famous Chollima, known for targeting cryptocurrency developers. The group used a two-layer package strategy to separate legitimate-looking tools from hidden malicious payloads, allowing them to maintain trust while delivering malware.
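A defender's check for the two-layer strategy described above, as an added example that is not code from ReversingLabs or the affected project: it walks a `package-lock.json` and reports every dependency chain that ends at the named package, so a trusted-looking top-level package that pulls it in is visible. The sample lockfile, the name `example-wrapper`, the version numbers and the position of the flagged package in the tree are constructed for illustration.

```javascript
// Added example (not from the report): list dependency chains in a
// package-lock.json (lockfileVersion 2/3) that end at a flagged package.
const FLAGGED = "@validate-sdk/v2"; // package name taken from the report

// Resolve `name` as seen from lockfile path `from`, mirroring npm's lookup:
// the nearest enclosing node_modules directory wins.
function resolve(packages, from, name) {
  let base = from;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Return every chain of package names from the project root to `flagged`.
function findChains(lock, flagged = FLAGGED) {
  const packages = lock.packages || {};
  const chains = [];
  const seen = new Set([""]);
  const walk = (path, chain) => {
    const e = packages[path];
    const deps = { ...e.dependencies, ...e.optionalDependencies,
      ...(path === "" ? e.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      if (name === flagged) { chains.push([...chain, name]); continue; }
      const next = resolve(packages, path, name);
      if (next && !seen.has(next)) { seen.add(next); walk(next, [...chain, name]); }
    }
  };
  if (packages[""]) walk("", []);
  return chains;
}

// Constructed sample lockfile: "example-wrapper" and the tree shape are
// hypothetical and only illustrate a two-layer dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "trading-agent-demo", dependencies: { "example-wrapper": "^1.0.0" } },
    "node_modules/example-wrapper": { version: "1.0.0", dependencies: { [FLAGGED]: "^2.0.0" } },
    "node_modules/@validate-sdk/v2": { version: "2.0.0" },
  },
};

for (const chain of findChains(SAMPLE_LOCK)) console.log("root -> " + chain.join(" -> "));
```

To audit a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findChains`; an empty result means the lockfile does not reference the package.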