North Korean-linked hackers are using AI-generated code and layered npm dependencies to spread malware that steals cryptocurrency wallets and developer data, according to a technical analysis from ReversingLabs. The campaign, tracked as PromptMink, has involved packages that first appeared in September 2025 and later versions tied to a February 2026 commit.
KEY FACTS
- Campaign PromptMink uses benign-looking npm packages to pull in malicious dependencies.
- Target The code focuses on cryptocurrency wallets, secrets and developer projects.
- Actor The activity is linked to Famous Chollima, also known as Shifty Corsair.
- Scope The malware has also been seen in PyPI and in Rust-based payloads.
The package @validate-sdk/v2 was presented as a utility for hashing, validation and secure random generation, but the report said its real purpose was to harvest sensitive data from compromised systems. ReversingLabs said the package was added through a commit to an autonomous trading agent and that the commit was co-authored by Anthropic’s Claude Opus large language model.
The package was listed as a dependency of @solana-launchpad/sdk, which was then used by openpaw-graveyard, an autonomous AI agent for the Solana blockchain. The report said the first-layer packages were designed to appear legitimate while a second layer carried the malicious code.
Other packages identified in the same campaign included @meme-sdk/trade, @validate-ethereum-address/core, @solmasterv3/solana-metadata-sdk, @pumpfun-ipfs/sdk and @solana-ipfs/sdk. The malicious code scanned for .env and .json files, sent data to a Vercel-hosted endpoint and later evolved into larger payloads that could run on Windows, Linux and macOS.
The disclosure said the operation shifted over time from a simple infostealer to a multi-platform harvester that could also drop SSH backdoors and collect entire source code projects. It also said the group used typosquatting, transitive dependencies and precompiled add-ons to help the packages avoid detection.
WHY IT MATTERS
The findings show how package registries and AI coding tools can be combined to reach developers working on cryptocurrency and Web3 projects. The campaign also underscores the risk that trusted dependencies can be turned into a path for credential theft and wallet compromise.