registry  /  blockchain-helper-0  /  1.0.0

blockchain-helper-0@1.0.0

OSV Malicious Advisory

scanned 3h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-5352 confirms this npm version as malicious. **Note:** *This report is updated by a verification record*

Advisory
MAL-2026-5352
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in blockchain-helper-0 (npm)
Details
**Note:** *This report is updated by a verification record* Crypto/SSH/wallet stealer (self-labeled "CRYPTO STEALER"). postinstall scripts/postinstall.js auto-execs, src/index.js harvests ~/.ssh/id_rsa + wallet keys/seeds + env and exfils to hardcoded Telegram bot 8227918239:AAGEMDrBZluDsBBYPxfSyMuv2l3FY8cZCcs chat 6433587894. Auto-exec + hardcoded attacker Telegram exfil; "blockchain-helper" identity has no reason to read SSH/wallet keys. --- ## Source: amazon-inspector (8b9fac34e13ad38cb702f7aad434d18aa276005fe5fa4cbe48c7eb65af26623d) The package was found to contain malicious code or consuming dependency that contains malicious code
Decision reason
OpenSSF Malicious Packages via OSV confirms blockchain-helper-0@1.0.0 as malicious (MAL-2026-5352): Malicious code in blockchain-helper-0 (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory