
Microsoft warns of two npm packages that steal crypto wallet credentials via Hugging Face repos. Developers should audit installs now.
Microsoft Threat Intelligence has identified a live malware campaign using two compromised npm packages, @0xengine/xmlrpc and @0xengine/httpreq, to steal crypto wallet credentials from developer machines. The attack abuses Hugging Face repositories as exfiltration infrastructure, a tactic that blends stolen data traffic with legitimate AI platform traffic.
For crypto users and developers, the risk is direct. An infected developer machine can expose browser wallets, private keys, seed phrase files, exchange API keys, GitHub tokens, and cloud logins. If attackers collect these, they can drain wallets, compromise code repositories, and access trading systems.
The two packages deploy a remote access trojan (RAT) capable of collecting keystrokes, screenshots, and crypto wallet credentials. Once a developer installs either package, the malware runs quietly on the device and monitors for sensitive files and password stores.
The campaign's distinguishing feature is its use of Hugging Face, a widely trusted platform for AI and machine learning projects, to move stolen data. Exfiltrating data through a legitimate cloud service makes the traffic less suspicious than a direct connection to an unknown server. Microsoft described the packages as "abusing Hugging Face repos as exfiltration infrastructure."
Practical rule: When stolen data travels through a known platform, standard network monitoring tools may miss the signal entirely.
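The point of the rule above is that destination reputation is the wrong signal: huggingface.co is a legitimate host, so a reputation-based control passes the traffic. What remains observable is direction (uploads rather than downloads), the client making them, and the volume per source. The script below is an added example, not code from the article or from Microsoft's report, that applies those three checks to web-proxy log lines. The log format, field layout, client allow-list and byte threshold are all assumptions for the example.

```javascript
// Added example (not from the article or Microsoft's report): flag uploads to
// huggingface.co in web-proxy logs using direction, client identity and volume,
// since the destination itself looks legitimate.
// Assumptions: the log format below, the User-Agent allow-list and the byte
// threshold are invented for this example, not taken from the article.

// User-Agent prefixes of clients that legitimately push to Hugging Face.
// Assumption: a first-pass filter only; malware can spoof any string, which is
// why the volume rule below does not depend on it.
const KNOWN_HF_CLIENTS = ["huggingface_hub/", "git/", "git-lfs/", "Mozilla/"];
const UPLOAD_METHODS = new Set(["POST", "PUT", "PATCH"]);
const UPLOAD_BYTES_THRESHOLD = 1024 * 1024; // 1 MiB per source per window (assumed)

// Parse one constructed log line of the form:
//   <iso-ts> <src-ip> <METHOD> <url> <status> <request-bytes> "<user-agent>"
// Returns null for lines that do not match or carry an unparseable URL.
function parseLine(line) {
  const m = line.match(/^(\S+) (\S+) (\S+) (\S+) (\d+) (\d+) "([^"]*)"$/);
  if (!m) return null;
  const [, ts, src, method, url, status, reqBytes, ua] = m;
  let host;
  try { host = new URL(url).hostname; } catch { return null; }
  return { ts, src, method, url, host, status: Number(status), reqBytes: Number(reqBytes), ua };
}

// Exact host or subdomain match; "huggingface.co.evil.example" must not match.
function isHuggingFaceHost(host) {
  return host === "huggingface.co" || host.endsWith(".huggingface.co");
}

function isKnownClient(ua) {
  return KNOWN_HF_CLIENTS.some((prefix) => ua.startsWith(prefix));
}

// Run both rules over the lines. Returns the alerts plus the per-source
// upload byte totals so an analyst can see what the volume rule saw.
function detectHfExfil(lines) {
  const alerts = [];
  const uploadBytesBySrc = new Map();
  for (const line of lines) {
    const e = parseLine(line);
    if (!e || !isHuggingFaceHost(e.host) || !UPLOAD_METHODS.has(e.method)) continue;
    uploadBytesBySrc.set(e.src, (uploadBytesBySrc.get(e.src) || 0) + e.reqBytes);
    if (!isKnownClient(e.ua)) {
      alerts.push({ rule: "hf-upload-unknown-client", src: e.src, ua: e.ua, url: e.url });
    }
  }
  for (const [src, bytes] of uploadBytesBySrc) {
    if (bytes >= UPLOAD_BYTES_THRESHOLD) {
      alerts.push({ rule: "hf-upload-volume", src, bytes });
    }
  }
  return { alerts, uploadBytesBySrc };
}

// Constructed sample log: one developer pushing a model with the official
// client (10.0.0.5), and one host uploading repeatedly with a bare "node"
// User-Agent (10.0.0.9). Paths are illustrative, not real API routes.
const SAMPLE_LOG = [
  '2025-05-27T10:01:02Z 10.0.0.5 GET https://huggingface.co/api/models/foo 200 0 "Mozilla/5.0"',
  '2025-05-27T10:02:10Z 10.0.0.5 PUT https://huggingface.co/api/models/foo/upload 200 524288 "huggingface_hub/0.23.0; python/3.11"',
  '2025-05-27T10:05:44Z 10.0.0.9 POST https://huggingface.co/api/datasets/x/commit/main 200 700000 "node"',
  '2025-05-27T10:06:12Z 10.0.0.9 POST https://huggingface.co/api/datasets/x/commit/main 200 400000 "node"',
  '2025-05-27T10:07:00Z 10.0.0.9 GET https://registry.npmjs.org/axios 200 0 "npm/10.0.0"',
];

for (const a of detectHfExfil(SAMPLE_LOG).alerts) console.log(JSON.stringify(a));
```

On the sample, 10.0.0.5 produces no alert (known client, 512 KiB total) while 10.0.0.9 trips both rules: two unknown-client hits and 1.1 MB of uploads. In production the thresholds should be set per host role, since an ML team pushing checkpoints will legitimately exceed any number that is useful for a back-office developer workstation.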
A single compromised npm dependency therefore exposes several asset classes at once: wallet keys and seed phrase files, exchange API keys, source-control tokens, and cloud credentials.
This is not an isolated incident. Crypto.news reported on May 25 that the TrapDoor malware campaign had spread through more than 34 malicious packages across npm, PyPI, and Rust ecosystems. That campaign targeted crypto and AI developers specifically, stealing wallet data, API keys, cloud credentials, and SSH access through fake developer tools.
TrapDoor showed the shift in attacker focus: rather than targeting end users with phishing emails, attackers now poison the tools developers use every day. A single malicious package can compromise every project that depends on it.
In March, blockchain security firm SlowMist warned developers about malicious Axios releases on npm. Those poisoned versions pulled in plain-crypto-js malware, exposing crypto developers to cross-platform RATs and credential theft.
On May 26, Microsoft disclosed a distinct campaign in which attackers used poisoned search results and some AI chatbot interactions to spread fake PC utility downloads. The malware installed GPU miners on machines with powerful graphics cards.
Targets included gamers and hardware enthusiasts who searched for legitimate utilities. Microsoft said the malware abused ScreenConnect, Microsoft .NET utilities, and fake downloads for tools such as CrystalDiskInfo and HWMonitor to run the miners.
Key insight: Both campaigns exploit trust. One attacks the developer supply chain; the other attacks search-driven software distribution. The underlying mechanism is the same: compromise a trusted channel.
Remediation note: run npm audit fix --force only after verifying each change it proposes, since the flag will cross semver-major versions to clear an advisory.

Analysts using AlphaScala can track MSFT (Microsoft Corporation), which currently carries an Alpha Score of 67 (Moderate), down 4.17% on the session to $441.31. The score reflects the market's view of Microsoft's broader security product revenue potential vs. the cost of breach disclosures.
Risk to watch: Security teams at crypto exchanges and DeFi platforms should treat any npm dependency installed in the last 72 hours as suspect until verified. The Hugging Face exfiltration route means the data may have already left the building.
What this means: Software supply-chain attacks are no longer theoretical. For traders, the direct risk is to exchange hot wallets and DeFi protocol admin keys stored on developer machines. The indirect risk is to any token or protocol whose developer team has been compromised. Until the full scope of the npm campaign is known, the safe assumption is that no team is clean.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.