Security Articles

Atomic and Exodus crypto wallets targeted in malicious npm campaign

released on 2025-04-10 @ 06:13:30 PM
Threat actors are employing new techniques to target the cryptocurrency community: they upload packages to popular open source repositories, and those packages apply malicious 'patches' to local versions of legitimate libraries. In a recent campaign launched on April 1, a package called 'pdf-to-office' was published on npm; it injected malicious code into locally installed Atomic Wallet and Exodus crypto wallet software. The attack overwrote existing files, allowing attackers to swap out intended wallet destination addresses with their own. The malicious package was designed to target specific versions of the wallets and included persistence mechanisms. This campaign is part of a larger trend of sophisticated software supply chain attacks targeting the cryptocurrency industry, highlighting the need for improved monitoring and security measures in both commercial and open-source software.