www.infosecurity-magazine.com 4/29/2026, 2:21:23 PM

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

CyberSIXT Evidence Panel
Threat Actor
🇰🇵 WageMole

A malicious npm dependency linked to an AI-assisted code commit has been found stealing sensitive data and exposing crypto wallets, with researchers identifying the package @validate-sdk/v2 as the dependency that enabled exfiltration of secrets from infected environments. According to researchers at ReversingLabs, the activity, tracked as PromptMink, involved the package being added to an autonomous trading agent in February 2026 in a commit reportedly co-authored by Anthropic's Claude Opus model.

The researchers described a layered attack structure that evaded detection: legitimate-looking Web3 utilities attracted adoption, while the hidden payloads were delivered by secondary dependencies. Attribution points to North Korean state-sponsored actor Famous Chollima (also known as APT37 or Reaper), which has targeted cryptocurrency developers since 2018. The group is said to have relied on more than 60 packages and over 300 versions across a seven-month campaign.

The campaign’s malware evolved from credential theft to broader capabilities, including scanning for environment files, collecting system information, compressing project folders before exfiltration, and installing SSH keys for persistent remote access. It also shifted from JavaScript to compiled binaries and Rust-based payloads to improve evasion across Linux and Windows.
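Because the payloads sat in secondary dependencies, checking only a project's direct dependencies is not enough. The following is an added example, not code from the article or from ReversingLabs: it walks a `package-lock.json` and reports the chain by which a flagged package is pulled in. The function names and the sample lockfile are assumptions made for illustration; only the name @validate-sdk/v2 comes from the article.

```javascript
// Trace how a flagged package enters a package-lock.json (lockfileVersion 2 or 3).
const FLAGGED = new Set(["@validate-sdk/v2"]); // the only package name the article gives

// "node_modules/a/node_modules/@s/b" -> "@s/b"
const nameOf = (key) => key.slice(key.lastIndexOf("node_modules/") + 13);

// Node-style resolution: the requirer's own node_modules first, then each parent.
function resolve(packages, fromKey, dep) {
  let base = fromKey;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dependency
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Breadth-first walk from the root project. Returns each dependency chain that
// ends at a flagged package, so a transitive pull is reported with its parent.
function findFlaggedChains(lock, flagged = FLAGGED) {
  const packages = lock.packages || {};
  const chains = [];
  const seen = new Set([""]);
  const queue = [{ key: "", chain: ["(root)"] }];
  while (queue.length) {
    const { key, chain } = queue.shift();
    const e = packages[key] || {};
    const deps = { ...e.dependencies, ...e.devDependencies, ...e.optionalDependencies };
    for (const dep of Object.keys(deps)) {
      const target = resolve(packages, key, dep);
      if (!target) continue;
      const next = [...chain, nameOf(target)];
      if (flagged.has(dep)) chains.push(next.join(" -> "));
      if (!seen.has(target)) {
        seen.add(target);
        queue.push({ key: target, chain: next });
      }
    }
  }
  return chains;
}

// Constructed lockfile: only the name @validate-sdk/v2 is from the article;
// all other names and all versions are made up.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "trading-agent", dependencies: { "example-web3-utils": "^1.0.0" } },
  "node_modules/example-web3-utils": { version: "1.0.3", dependencies: { "@validate-sdk/v2": "^2.1.0" } },
  "node_modules/@validate-sdk/v2": { version: "2.1.0" },
} };
console.log(findFlaggedChains(sampleLock));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findFlaggedChains` in place of `sampleLock`.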

Article by CyberSIXT