Two malicious Axios npm releases have triggered warnings for developers to rotate credentials and treat affected systems as compromised following a supply chain attack on the widely used JavaScript HTTP client.
The breach was first identified by cybersecurity firm Socket, which reported that [email protected] and [email protected] had been altered to include a malicious dependency, [email protected]. That dependency's code executed automatically during installation on any system that pulled the compromised versions before they were removed from npm.
According to OX Security, the injected code could grant attackers remote access to infected machines, enabling the theft of sensitive data such as login credentials, API keys and cryptocurrency wallet information.
The incident highlights how a single compromised open-source dependency can cascade across thousands of applications, potentially impacting developers, platforms and end users alike.
Security firms urge immediate action
OX Security has advised developers who installed the affected versions to assume full system compromise and immediately rotate all credentials, including API keys and session tokens.
Socket confirmed that the malicious dependency was configured to run via a post-install script, allowing attackers to execute code without requiring further user interaction.
Developers are urged to audit their projects and dependency trees for the affected Axios versions and the [email protected] package, and to remove or roll back any compromised components without delay.
Previous crypto-related breaches demonstrate how supply chain attacks can escalate into large-scale losses.
On Jan. 3, onchain investigator ZachXBT reported that hundreds of wallets across Ethereum Virtual Machine–compatible networks were drained in a widespread attack targeting small balances.
Cybersecurity researcher Vladimir S. later suggested the incident may be linked to a December breach involving Trust Wallet, which led to approximately $7 million in losses across more than 2,500 wallets.
Trust Wallet subsequently indicated that the breach may have originated from a compromised npm package used in its development pipeline, underscoring the growing risks tied to software supply chains.