Slow Fog: The new Rust supply chain malicious activity IronWorm is attacking the Web3 ecosystem through npm packages

By: rootdata|2026/06/04 15:43:09

According to SlowMist monitoring, a new type of Rust supply chain malware activity named IronWorm is attacking developer environments and the Web3 ecosystem through malicious npm packages. Potential attack behaviors include credential theft, wallet mnemonic and password theft, GitHub repository tampering, malicious package publishing, CI/CD secret leakage, Tor-based command control, and eBPF rootkit stealth.

Security teams should audit the repository for backtracked commits, suspicious branches, unexpected build hooks, and commits from automated identities such as claude, dependabot, renovate, or github-actions. It is recommended to remove or deprecate affected package versions, publish clean versions, rotate all leaked keys and tokens, review GitHub Actions artifacts, and rebuild potentially compromised development or CI systems from clean images.

-- Price

The leak of the CLARITY bill draft has triggered a plunge in Circle and Coinbase, directly hitting the core provision of the stablecoin "ban on interest," revealing the deep political and economic game in Washington's strict prevention of stablecoins evolving into on-chain savings accounts and the c...

Tokenized US stocks are not the "liquidity killer" of the crypto market

"As garbage coins are gradually eliminated, the protocols, infrastructure, and financial products that can truly create value have the opportunity to obtain a more reasonable valuation."

What Is TradFi and Why Is Everyone Talking About It in 2026?

Gold is rallying, SpaceX is heading for a historic IPO, and oil remains highly volatile. Discover why TradFi is back in focus and how crypto traders can access these opportunities with USDT. Put another way, TradFi Is Having Its Biggest Moment Ever, and Crypto Traders Are Perfectly Positioned

From Poland to Paris: A Look Back at WEEX's Global Community Journey in May 2026

Follow WEEX's global journey across Poland, Barcelona, Dubai, Milan and Paris. Explore Bitcoin Pizza Day, LALIGA VIP experiences, Web3 networking events, trading education and more from an action-packed May.

WEEX WXT Eco Carnival: How to Join WXT Events and Plan Trading Tasks

The WEEX WXT Eco Carnival is an ecosystem campaign built around WEEX Token (WXT), designed for users interested in platform tokens, spot trading, futures trading, deposit tasks, and referral rewards.

Morning Report | Strategy sold 32 BTC and over 800,000 shares of MSTR last week; Binance officially announced its U.S. stock trading portal; Polymarket reached an exclusive partnership with OneFootball

Overview of Important Market Events on June 1st

Zhou Hang: How much is SpaceX really worth?

Great companies do not equal good stocks: A deep analysis of why SpaceX's $1.75 trillion IPO valuation may contain a $1.25 trillion bubble, and retail investors should avoid blindly chasing "story premiums."

IOSG: From Coinbase to Upbit: How a Token Completes a 28-Day Journey of Taking Over

The IOSG report indicates that by 2026, the listing of tokens on first-tier exchanges has formed a highly structured path where Coinbase and ByBit are responsible for initial discovery, Binance quickly verifies and confirms, and Korean exchanges provide liquidity at the end.