Malicious package

cryptodao-sdk (npm)

Malicious code in cryptodao-sdk (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5969
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall cryptodao-sdk

What this malware does

cryptodao-sdk@99.99.99 ships a postinstall script (recon.js) that runs automatically on npm install and harvests installer-side secrets. The script enumerates a hardcoded list of credential-bearing environment variables (including AWS_SECRET_ACCESS_KEY, NPM_TOKEN, CI_JOB_TOKEN, GitLab tokens, database passwords, PRIVATE_KEY, MNEMONIC, RPC URLs, Docker credentials), reads .env files from common application paths, and lists CI build directories. The collected data, along with host metadata (hostname, platform, user, cwd), is POSTed over HTTPS to two attacker-controlled endpoints — webhook.site/d6d18927-... and enqoojbegdvxj.x.pipedream.net — with TLS verification explicitly disabled (rejectUnauthorized:false). A copy is also written to /tmp/.npm_recon_<ts>.json. The package.json sets version 99.99.99 (a classic dependency-confusion override to outrank private internal packages of the same name), the description claims it is an internal CryptoDAO module, and recon.js self-identifies in a comment as a 'CryptoDAO Dependency Confusion Reconnaissance Payload'. The combination of dep-confusion namespace abuse with install-time credential exfiltration is an unambiguous supply-chain attack.

The OpenSSF Package Analysis project identified 'cryptodao-sdk' @ 99.99.99 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

Malicious versions

1 flagged
99.99.99

Indicators of compromise (SHA-256)

2fd0b9ae70fe8613fefca34d371faf77a9c69e36f8756c3da390d16f486a40e9
03ac58e81310f19b32d136445eab91f7ddc776921ff8dfd08bdb91bcdd4a1da6

Frequently asked questions

No. cryptodao-sdk on npm has been identified as a malicious package (version 99.99.99 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006868

Credits

  • Amazon Inspector · finder
  • OpenSSF: Package Analysis · finder

cryptodao-sdk (npm) malicious package — MAL-2026-5969 | O3 Security