NEWS Installed an npm package? Congratulations, Claude just drained you down to your last bitcoin

Posted by ExcalibuR

Over 1,500 developers fell victim to a cunning AI crypto thief.


Researchers have uncovered a new threat in the npm ecosystem — a malicious package named @kodane/patch-manager, generated with the help of artificial intelligence and designed to steal cryptocurrency. Marketed as a library for “advanced license validation and registry optimization for high-performance Node.js applications,” it was uploaded by a user named Kodane on July 28, 2025, and racked up over 1,500 downloads before being removed from the public registry.


According to software supply chain security firm Safety, the malicious activity is embedded directly into the source code, disguised as an “enhanced stealth wallet drainer.” The infection occurs at the postinstall stage — an automatic script execution triggered right after package installation. This is especially dangerous in opaque CI/CD pipelines, where dependencies are updated without human oversight. As a result, systems can be compromised without ever running the code manually.


The malicious component generates a unique machine identifier and sends it to a command-and-control server at sweeper-monitor-production.up.railway.app. The server logs compromised hosts — at least two were confirmed at the time of analysis. The script then deploys the payload into hidden directories across Windows, Linux, and macOS systems, making detection more difficult.


Next, the malware scans the device for local cryptocurrency wallets. Upon detecting wallet files, the drainer automatically transfers funds to a hardcoded Solana blockchain address. This mechanism operates independently and requires no user interaction, making the attack highly effective.


A notable aspect of this incident is that the package appears to have been partially or fully generated using Anthropic’s Claude chatbot. Telltale signs include:


  • Emoji in log outputs
  • Overly detailed and well-structured comments
  • Friendly console messages
  • A README file styled after Claude’s known templates
  • Frequent use of the label “Enhanced” in commit messages — a recognizable Claude pattern

Analysts believe this attack underscores the rapidly escalating risks of AI-generated malware — not just code, but convincing, clean, and seemingly useful code. This significantly complicates the job of security teams and maintainers: threats can now masquerade as legitimate libraries, pass reviews, and enter production with no obvious red flags.


⚠️ Recommendation: Always audit third-party packages — especially lesser-known ones — before integrating them, and consider restricting postinstall scripts in CI environments.