Cybersecurity lab SlowMist has issued an emergency security warning under the code SM-2026-352284. According to the official statement, an active cross-registry supply chain attack has been detected, targeting creators of Web3 and AI products.

Hackers injected more than 34 malicious packages and 384 associated versions into the largest repositories, including npm, PyPI and Crates.io, directly targeting developers in the Solana, DeFi, and AI ecosystems.

The incident is unfolding against the backdrop of April's anti-record, when the DeFi sector lost an unprecedented $635 million across 28 hacks. Although the scale of direct smart contract exploits declined in May, SlowMist telemetry shows a fundamental change in attacker tactics. 

HOT Stories Crypto King Barry Silbert: Privacy Era is Here Zcash (ZEC) Paints Falling Star as Momentum Fades, Toncoin (TON) on Verge of Bullish Boundary, Shiba Inu (SHIB) Price Reset Is Near: Crypto Market Review

Security warning under the code SM-2026-352284 about TrapDoor, Source: SlowMist

Threat actors have moved their focus from attacking protected servers to covertly compromising engineers' personal devices.

How TrapDoor hijacks "vibe coding"

SlowMist's analysis showed that TrapDoor is designed for full compromise of developer workstations. The malware steals crypto wallets, cloud tokens such as AWS and GitHub credentials, and access keys, sending them to addresses controlled by the attackers. 

Conceptually, the scheme repeats the logic of the well-known npm worm "Mini Shai-Hulud".

To maintain covert persistence in the system, the payload writes itself directly into AI assistant configuration files such as .cursorrules and CLAUDE.md, while also hiding inside Git hooks and automation scripts. In repositories, the software is disguised as AI plugins and build utilities for Sui and Move.

You Might Also Like
Mon, 05/25/2026 - 10:54 BlackRock Sells $1 Billion of Bitcoin After Poor ETF PerformanceByCaroline Amosun

The incident is worsened by the trend of "vibe coding", where engineers assemble projects through prompts and blindly connect dozens of nested libraries. As a result, AI agents automatically download malicious code onto machines where smart editors have direct access to local configuration files. 

Due to the critical status of the threat, SlowMist instructs teams to immediately remove the affected packages, isolate infected systems, preserve logs and launch a three-stage remediation protocol:

• AI configuration audit: Manually inspect local .cursorrules and CLAUDE.md files for third-party or anomalous instructions.
• Total credential rotation: Force-revoke and reissue all encryption keys, cloud tokens and GitHub secrets used on the devices.
• Full environment rebuild: Purge and reset build environments, then fully reinstall developer work environments from fresh system images.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。