npm SANDWORM_MODE worm steals crypto keys from 19 npm packages, targets LLM API keys and CI secrets

Published: 2026-02-21 18:06:01 |

A live npm supply-chain attack, tracked as SANDWORM_MODE, is actively stealing developer and CI secrets from at least 19 malicious npm packages published under aliases official334 and javaorg. The worm immediately exfiltrates crypto assets — BIP39 mnemonics, Ethereum and Bitcoin private keys (WIF, xprv), Solana key arrays — plus npm and GitHub tokens to a Cloudflare Worker drain endpoint upon package import. A second-stage payload, unlocked after a 48-hour host/user-derived delay (but immediate in CI environments), scans password managers (Bitwarden, 1Password, LastPass CLIs), local SQLite stores, Apple Notes/macOS Messages, and full filesystem wallet files. The campaign also injects malicious GitHub workflows, poisons AI toolchains (impersonating Claude Code and targeting tools like Claude Desktop, Cursor, VS Code extensions), and harvests LLM API keys from providers including OpenAI, Anthropic, Google, Groq, Replicate, Cohere and others. Exfiltration uses cascading channels: HTTPS to a Cloudflare Worker, authenticated GitHub uploads (double-base64), and DNS tunneling; a domain-generation fallback exists. npm removed the packages and GitHub/Cloudflare took down infrastructure, but operators should treat any affected host as compromised: rotate npm/GitHub/CI secrets, audit .github/workflows for malicious pull_request_target usage, check git global templateDir, and inspect AI assistant configs for rogue mcpServer entries. The worm contains dormant polymorphic and destructive modules (shredding home files) that increase risk of future, more evasive variants.

Bearish

This incident increases short-term risk for crypto markets and developer-run services. Immediate theft of private keys and CI secrets can trigger wallet drains, forced liquidations, and loss of confidence among custodial and self-custody users. Traders may see short-term selling pressure on affected tokens if specific projects or wallets are known to be compromised. The broader impact on market stability is negative: supply-chain malware undermines developer tooling trust and can slow deployments, prompting risk-off positioning. Historically, high-profile wallet or exchange breaches (e.g., large-scale private key leaks or hot-wallet compromises) produced sharp short-term price drops and volatility, even when direct token losses were limited. Longer term, effects are more neutral to mildly negative: once secrets are rotated, containment occurs, and no major protocol-level exploit follows, markets typically recover. However, persistent supply-chain threats and potential future polymorphic variants raise ongoing operational risk premiums for developers and institutional participants, which may slightly dampen long-term sentiment until tooling and CI security improve.