North Korean hacker group uses malicious npm packages to steal encrypted wallet credentials

According to Cryptopolitan, ReversingLabs has discovered that the North Korean hacker group Famous Chollima used a malicious npm package called PromptMink to submit code generated by Anthropic's Claude Opus AI model, implanted it into the open-source encrypted trading project openpaw graveyard, and stole user encrypted wallet credentials and system keys. Starting from September 2025, the organization continues to spread malicious npm packages using a dual layer strategy, first releasing "bait" packages without malicious code, then launching attacks through the second layer packages, and quickly releasing replacement versions after the second layer packages are taken down.