Gate News message, April 24 — Bitwarden CLI version 2026.4.0 was compromised in a supply chain attack between 17:57 and 19:30 ET on April 24, according to SlowMist CISO 23pds. Attackers exploited GitHub Actions in Bitwarden’s CI/CD pipeline to inject a malicious package that was briefly distributed via npm.
The attack targeted the repository’s continuous integration workflow, allowing unauthorized code to reach the package registry. However, Bitwarden confirmed that Vault data was not compromised, production systems were unaffected, and only users who installed version 2026.4.0 from npm during the 1.5-hour window were impacted.
Bitwarden advised affected users to immediately uninstall version 2026.4.0, clear npm cache, rotate API tokens and SSH keys, audit GitHub and CI activity for anomalies, and upgrade to the patched version 2026.4.1.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Bitwarden CLI malicious npm package exposed, encrypted wallets face risk of theft
Misty Fog Chief Information Security Officer 23pds forwards a warning from the Bitwarden security team. The Bitwarden CLI 2026.4.0 version had an npm version that had been tampered with—where a malicious package was distributed through npm—within a 1.5-hour window from 5:57 PM to 7:30 PM Eastern Time on April 22, and that version has been withdrawn. Bitwarden has officially confirmed that password vault data and production systems were not affected.
MarketWhisper1m ago
JPMorgan Chase: KelpDAO bug wipes out $20 billion in DeFi TVL, institutional appeal damaged
A J.P. Morgan research team led by analyst Nikolaos Panigirtzoglou released a report on April 23 stating that persistent security vulnerabilities and stagnant total locked value (TVL) are weakening DeFi’s appeal to institutional investors. The report emphasized that the KelpDAO vulnerability wiped out roughly $20 billion worth of DeFi TVL within days, exposing structural risks.
MarketWhisper4m ago
Slow Mist Alert: North Korean hacker group recruits and tricks Web3 developers, stealing 12 million in 3 months
SlowMist, a security organization, has issued an emergency alert. North Korea’s Lazarus organization’s subsidiary, HexagonalRodent, is launching attacks against Web3 developers, using social engineering tactics such as high-paying remote positions to lure developers into executing skill assessment code that includes malicious software backdoors, ultimately stealing crypto assets. According to an Expel investigation report, in the first three months of 2026, the loss amount reached $12 million.
MarketWhisper9m ago
CryptoQuant: KelpDAO Exploit Triggers the Most Severe Crisis Since 2024, Aave TVL Plunges 33%
According to CryptoQuant’s assessment on April 23, the KelpDAO exploit attack that occurred last week created potential bad debt risk for Aave of $124 million to $230 million within 72 hours, with TVL crashing 33%. USDT and USDC borrowing rates jumped from 3.4% to 14%, and ETH borrowing rates rose to the highest level since January 2024 at 8%.
MarketWhisper41m ago
North Korean APT Group HexagonalRodent Steals $12M in Crypto from Web3 Developers Using AI-Powered Attacks
Gate News message, April 24 — A North Korean state-sponsored APT group dubbed HexagonalRodent has stolen over $12 million in cryptocurrency and NFTs from Web3 developers in the first quarter of 2026, according to cybersecurity firm Expel. The group compromised 2,726 developer devices and gained acce
GateNews59m ago
