Bitwarden CLI Supply Chain Attack Puts Crypto Wallet Keys at Risk

April 23, 2026

Attackers hijacked password supervisor Bitwarden’s CLI model 2026.4.0 by a compromised GitHub Action, publishing a malicious npm bundle that actively steals crypto pockets information and developer credentials.

Security agency Socket found the breach on April 23 and linked it to the continuing TeamPCP provide chain marketing campaign. The rogue npm model has since been pulled.

Malware Target Risks Crypto Wallets and CI/CD Secrets

The malicious payload, embedded in a file known as bw1.js, ran throughout bundle set up and harvested GitHub and npm tokens, SSH keys, atmosphere variables, shell historical past, and cloud credentials.

TeamPCP’s broader marketing campaign is individually confirmed to focus on crypto pockets information, together with MetaMask, Phantom, and Solana pockets information.

According to JFrog, the stolen information was exfiltrated to attacker-controlled domains and dedicated again to GitHub repositories as a persistence mechanism.

Many crypto groups use the Bitwarden CLI in automated CI/CD pipelines for secrets and techniques injection and deployments. Any workflows that ran the compromised model might have uncovered high-value pockets keys and exchange API credentials.

Security researcher Adnan Khan famous that is the primary identified compromise of a bundle utilizing npm’s trusted publishing mechanism, which was designed to get rid of long-lived tokens.

I imagine that is the primary time bundle utilizing NPM trusted publishing has been compromised.

— Adnan Khan (@adnanthekhan) April 23, 2026

What Affected Users Should Do

Socket recommends that anybody who put in @bitwarden/cli model 2026.4.0 rotate each uncovered secret instantly.

Users ought to downgrade to model 2026.3.0 or swap to official signed binaries from Bitwarden’s web site.

TeamPCP has chained related assaults towards Trivy, Checkmarx, and LiteLLM since March 2026, concentrating on developer instruments that sit deep in construct pipelines.

Bitwarden’s core vault stays unaffected. Only the CLI construct course of was compromised.

The publish Bitwarden CLI Supply Chain Attack Puts Crypto Wallet Keys at Risk appeared first on BeInCrypto.

DeFi News Security

Hyperbridge Confirms Bridged Polkadot Exploit Was 10x Worse Than First Reported
ByRicardo April 17, 2026

Hyperbridge has revised losses from its April 13 exploit to roughly $2.5 million. That is about 10 instances the unique estimate of $237,000. The group disclosed the brand new determine in a post-incident replace on April 16. The revision provides losses from related incentive swimming pools. It additionally displays forensic work throughout 4 EVM chains….

Read More Hyperbridge Confirms Bridged Polkadot Exploit Was 10x Worse Than First Reported
Breaking Markets

MicroStrategy and BitMine Strike Together — Tom Lee Says the Mania Awaits
ByRicardo November 17, 2025

Two of the largest company gamers in cryptocurrency, MicroStrategy and BitMine, have simply escalated a quiet accumulation struggle. One is doubling down on Bitcoin, the different is increasing its grip on Ethereum. While every transfer appeared routine at first look, the scale and timing reveal one thing much more consequential constructing beneath the floor. MicroStrategy…

Read More MicroStrategy and BitMine Strike Together — Tom Lee Says the Mania Awaits
Crypto Crime News Security

LA Sheriff’s Deputy Pleads Guilty to Crypto Criminal Conspiracy
ByRicardo September 30, 2025

A former LA sheriff’s deputy simply pleaded responsible to a number of crimes, appearing as an enforcer in a higher crypto corruption scheme. He abused his authority to extort victims on behalf of his employer. The incidents in query passed off in 2021, however that is nonetheless an essential breakthrough for crimefighters. The deputy in…

Read More LA Sheriff’s Deputy Pleads Guilty to Crypto Criminal Conspiracy
Breaking Markets

X (Twitter) Lifts Crypto Ad Ban, But With Strings Attached
ByRicardo March 1, 2026

In a significant coverage shift, X has eliminated cryptocurrency and playing from its prohibited industries record for paid promotions, opening the door for influencers and KOLs to legally monetize crypto content material on the platform. The change marks a big reversal of a ban that had been in place since a minimum of June 2024….

Read More X (Twitter) Lifts Crypto Ad Ban, But With Strings Attached
Breaking Markets

Connection Between Zcash and Starknet Drives a Strong Case for STRK Price
ByRicardo November 11, 2025

Starknet’s native token, STRK, surged 35% on Monday, in line with CoinGecko information, as analysts draw parallels between its trajectory and Zcash (ZEC). With Zcash and Starknet sharing hyperlinks each via shared founders and a unified imaginative and prescient for programmable privateness, the current Zcash frenzy drives a robust case for STRK. Starknet’s Zcash Connection…

Read More Connection Between Zcash and Starknet Drives a Strong Case for STRK Price
Breaking Markets

5 Critical Factors That Could End Gold’s 7-Month Green Streak
ByRicardo February 22, 2026

Gold is on the verge of an unprecedented eighth consecutive month-to-month achieve, a streak that will mark the longest in its historical past. However, a number of headwinds are threatening to interrupt the rally. While buyers have flocked to the safe-haven steel amid macroeconomic uncertainty, market strategists warn that the run-up could also be reaching…

Read More 5 Critical Factors That Could End Gold’s 7-Month Green Streak

Bitwarden CLI Supply Chain Attack Puts Crypto Wallet Keys at Risk

Malware Target Risks Crypto Wallets and CI/CD Secrets

What Affected Users Should Do

Hyperbridge Confirms Bridged Polkadot Exploit Was 10x Worse Than First Reported

MicroStrategy and BitMine Strike Together — Tom Lee Says the Mania Awaits

LA Sheriff’s Deputy Pleads Guilty to Crypto Criminal Conspiracy

X (Twitter) Lifts Crypto Ad Ban, But With Strings Attached

Connection Between Zcash and Starknet Drives a Strong Case for STRK Price

5 Critical Factors That Could End Gold’s 7-Month Green Streak

Curated by experts. Filtered for relevance.

Resources

About

Subscribe & learn more every day!

Malware Target Risks Crypto Wallets and CI/CD Secrets

What Affected Users Should Do

Similar Posts

Curated by experts. Filtered for relevance.

Resources

About

Subscribe & learn more every day!