Supply Chain Key Theft in npm: How 5 Typosquatted Packages Silently Drain Solana and Ethereum Wallets — And a 7-Step Defense Playbook

TL;DR On March 24, 2026, Socket's Threat Research Team disclosed five malicious npm packages — raydium-bs58 , base-x-64 , base_xd , bs58-basic , and ethersproject-wallet — all published under the account galedonovan . Each package typosquats a legitimate crypto library, hooks the exact function where developers pass private keys, and silently exfiltrates them to a Telegram bot before returning the expected result. No errors. No side effects. Your code works perfectly while your keys vanish. This article breaks down exactly how the attack works, why traditional security tooling misses it, and a concrete 7-step defense playbook every Solana and Ethereum developer should implement today. The Attack: Invisible Key Interception Solana Side (4 packages) Four packages — raydium-bs58 , base-x-64 , bs58-basic , and base_xd — target Solana developers by intercepting Base58.decode() calls. This is the standard pattern for loading a keypair: // This looks normal, but if bs58 is a typosquat... cons

Supply Chain Key Theft in npm: How 5 Typosquatted Packages Silently Drain Solana and Ethereum Wallets — And a 7-Step Defense Playbook

Related Articles

Xiaomi Poco X8 Pro Review: Iron Man

Google pixel 11 pro leaks first look!

End-to-End Testing: Playwright vs Cypress in Real Projects

I Vibecoded a Playful Color Picker…and It Turned Into Something Crazy

.GUI

Related Articles

News
Xiaomi Poco X8 Pro Review: Iron Man
Medium Programming • 1h ago

News
Google pixel 11 pro leaks first look!
Medium Programming • 1h ago

News
End-to-End Testing: Playwright vs Cypress in Real Projects
Medium Programming • 2h ago

News
I Vibecoded a Playful Color Picker…and It Turned Into Something Crazy
Medium Programming • 3h ago

News
.GUI
Medium Programming • 4h ago