🚨 Over 2,100 downloads! Malicious npm packages draining crypto wallets
Socket Threat Research reports 4 malicious npm packages targeting Ethereum and BSC devs:
pancake_uniswap_validators_utils_snipe (350 DLs)
pancakeswap-oracle-prediction (445 DLs)
ethereum-smart-contract (305 DLs)
env-process (1054 DLs)
💸 Attackers use obfuscated JS to drain 80-85% of wallet balances, redirecting funds to attacker-controlled addresses.
⚠️ Same actor, active for 3–4 years.
Devs: use automated dependency scanning + credential management to stay safe!