{
  "title": "Crypto Private Key Stealer Solana/Ethereum Typosquats",
  "summary": "On March 24, 2026, threat actors targeted cryptocurrency developers on the npm registry by typosquatting common Solana and Ethereum libraries. The malicious packages silently harvested and exfiltrated wallet private keys to a Telegram Bot C2.",
  "date": "2026-03-24",
  "severity": "critical",
  "tags": [
    "npm",
    "malicious-package",
    "typosquatting",
    "credential-theft",
    "crypto-stealer"
  ],
  "sources_count": 2,
  "indicators": {
    "slug": "crypto-key-stealer-typosquats",
    "since": "2026-03-24T00:00:00Z",
    "until": "2026-03-24T23:59:59Z",
    "ecosystem": "npm, javascript npm registry",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [
      "raydium-bs58",
      "base-x-64",
      "bs58-basic",
      "ethersproject-wallet",
      "base_xd"
    ],
    "versions": [
      "1.0.0"
    ],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "api.telegram.org"
    ],
    "urls": [
      "https://api.telegram.org/bot7231970337:AAExyV3dvbNs6xkMJB7S2hArUash9owd-bw/sendMessage`"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}