Axios JavaScript Library Compromised in Supply Chain Attack, Crypto Wallets at Immediate Risk
Security experts are warning of an active supply chain attack targeting the widely used Axios JavaScript library, posing a direct threat to cryptocurrency wallets and developer infrastructure. The malicious npm package '[email protected]' was live for approximately three hours on March 31, 2026, before being unpublished, after researchers intercepted the attack which leveraged compromised maintainer credentials to inject a malicious dependency, [email protected]. This incident highlights the escalating risk of npm package attacks targeting the crypto ecosystem's foundational tooling.
What happened in the Axios npm attack?
StepSecurity was among the first to identify the issue. Two malicious versions of the Axios HTTP client library were published through the compromised credentials of a lead Axios maintainer, bypassing the normal publishing pipeline on GitHub.
According to StepSecurity, this was the most sophisticated attack against a widely used top-10 npm package. The malicious package version injects a new dependency, [email protected], which is not imported in the axios source code. The dependency runs a post-install script, active on all operating systems.
After using the npm, the client is infected with a remote access trojan dropper, which has a live server and delivers the payloads. The malware also deletes itself and replaces the suspect .json with a clean version to evade detection.
Which types of projects were affected?
The npm packages were among the most popular, with up to 100M weekly downloads. However, at this point, there are no reports of unauthorized crypto movement. Previously, an npm attack led to only $1,000 of crypto losses from obscure tokens.
The only way to limit malicious npm is to track versions and not allow automated upgrades, or check new versions for potential malicious uploads.
New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads.
Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily)… https://t.co/9DOVWH5KK1
— Andrej Karpathy (@karpathy) March 31, 2026
Researchers also discovered two additional malicious packages delivering payloads the same way – @shadanai/openclaw and @qqbrowser/openclaw-qbot. The attack follows the LiteLLM malicious code injection by just a week.
There is no report of Web3 or OpenClaw projects being affected or any crypto stolen, for the duration of the attack. However, warnings were issued that npm attacks may now become the norm, either through stolen credentials or unauthorized publishers. The threat follows previous warnings on malicious code using the OpenClaw skill platform.
The packages are not limited to Web3 or bot projects, and may affect any payloads linked to crypto wallets. The loss of trust in npm and pip installs for Python may also erode the general trust in the library ecosystem, with calls for a more secure upload path.
The usage of AI agents may also lead to indiscriminate package downloading, spreading the threat. The actual effects on crypto wallets may not be immediate, but they still potentially expose wallet data.
Your bank is using your money. You’re getting the scraps. Watch our free video on becoming your own bank
