[zmaurelius]

I am really surprised that there haven't been even more malicious packages distributed in the past couple of years considering the rise of cryptocurrency. Seems like a determined and malicious actor could score big by targeting the more popular wallets.

[louislang]

It's totally happening. We've seen packages targeting a lot of the big exchanges. Most of the packages are targeting developers directly though; attempting to exfil the users wallets/keys.

[blktiger]

Sonatype found a whole bunch of those and blogged about it in August. https://blog.sonatype.com/more-than-200-cryptominers-flood-n...

Disclaimer: I currently work for Sonatype, but in a different area of the company.

[zmaurelius]

Thanks for sharing this, I had no idea it was already this prevalent.