★ 7/10 · Security · 2026-04-23

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

Summary

This update details a series of high-impact security incidents involving the compromise of decentralized finance (DeFi) infrastructure, widespread npm supply chain attacks, and emerging vulnerabilities in AI agents and desktop applications. These threats highlight a strategic shift toward targeting off-chain infrastructure, software dependencies, and the integration points between LLMs and web content.

Key Points

  • DeFi Infrastructure Compromise: The KelpDAO exploit resulted in a $290M theft by targeting LayerZero's off-chain infrastructure, specifically compromising two RPC nodes and DDoS-ing a third to manipulate a 1-of-1 Decentralized Verifier Network (DVN) setup.
  • npm Supply Chain Malware: A surge of malicious packages (including ixpresso-core, forge-jsx, and @fairwords scope) has been identified performing system reconnaissance, injecting SSH keys into ~/.ssh/authorized_keys, and delivering the XWorm RAT.
  • Cross-Ecosystem Propagation: Malicious packages under the @fairwords scope use stolen user tokens to self-propagate across the npm registry and attempt cross-ecosystem attacks on PyPI via .pth file injection.
  • macOS-Specific Malware: The @velora-dex/sdk (version 9.4.1) was found to execute Base64-encoded payloads that fetch and deploy the minirat Go-based remote access trojan (RAT) on macOS systems.
  • AI Prompt Injection: New Indirect Prompt Injection (IPI) payloads are targeting AI agents by poisoning web content to trigger unauthorized API key theft, data destruction, and financial fraud.
  • Smart Home RCE: The MajorDoMo platform is subject to active exploitation of CVE-2026-27175 (command injection) and CVE-2026-27174 (unauthenticated RCE via the PHP admin console).
  • Browser Data Exfiltration: The Claude desktop application uses Native Messaging manifest files to pre-authorize access to configuration and data for Chromium-based browsers, including Chrome, Brave, Edge, and Vivaldi.

Technical Details

The KelpDAO attack demonstrated that even if smart contracts are secure, the underlying verification infrastructure remains a single point of failure. By manipulating the LayerZero DVN through compromised and DDoS-ed RPC nodes, attackers were able to feed false data to the Ethereum contract, simulating a "phantom" token burn on the source chain to trigger the release of funds.

In the software supply chain, attackers are increasingly using legitimate-looking packages to establish persistence. For example, mgc (versions 1.2.1 through 1.2.4) uses GitHub Gists to host and fetch platform-specific RATs. Furthermore, the "FUD Crypt" service, sold for $800–$2,000/month, provides automated multi-stage deployment packages designed specifically for DLL sideloading and the evasion of AMSI (Antimalware Scan Interface) and ETW (Event Tracing for Windows).

Impact / Why It Matters

Developers must move away from single-point-of-failure verification models in distributed systems and implement rigorous dependency auditing to prevent cross-ecosystem propagation. For those integrating LLMs into workflows, strict input sanitization is required to mitigate the risks of indirect prompt injection via untrusted web content.
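
A lockfile check against the packages this bulletin names, as an added example (not code from the bulletin or from any project it mentions). It assumes an npm package-lock.json with a `packages` map (lockfileVersion 2 or 3); the sample lockfile and the `@fairwords/utils` package name are constructed.

```javascript
// Added example: audit package-lock.json (lockfileVersion 2/3) against the packages
// this bulletin names. No range = any version (the bulletin lists none for them).
const INDICATORS = [
  { name: "ixpresso-core" },
  { name: "forge-jsx" },
  { scope: "@fairwords" },
  { name: "@velora-dex/sdk", from: "9.4.1", to: "9.4.1" },
  { name: "mgc", from: "1.2.1", to: "1.2.4" },
];

// Numeric x.y.z comparison; pre-release/build suffixes are ignored.
function cmpVersion(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map(Number);
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}

function matches(ind, name, version) {
  if (ind.scope) return name.startsWith(ind.scope + "/");
  if (ind.name !== name) return false;
  if (!ind.from) return true;
  return cmpVersion(version, ind.from) >= 0 && cmpVersion(version, ind.to) <= 0;
}

// Returns [{ path, name, version }] for each locked package that matches.
function auditLockfile(lock) {
  const hits = [];
  for (const [path, { name: alias, version = "" }] of Object.entries(lock.packages || {})) {
    // Nested paths resolve to the innermost package; aliases carry the real name in `name`.
    const i = path.lastIndexOf("node_modules/");
    const name = alias || (i >= 0 ? path.slice(i + "node_modules/".length) : null);
    if (name && INDICATORS.some((ind) => matches(ind, name, version))) hits.push({ path, name, version });
  }
  return hits;
}

// Constructed sample lockfile, not taken from a real project.
const SAMPLE_LOCK = { packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/mgc": { version: "1.2.3" },
  "node_modules/left/node_modules/mgc": { version: "1.2.5" },
  "node_modules/@velora-dex/sdk": { version: "9.4.0" },
  "node_modules/@fairwords/utils": { version: "0.0.1" },
  "node_modules/alias": { name: "forge-jsx", version: "2.0.0" },
} };
console.log(auditLockfile(SAMPLE_LOCK));
```

Run it in CI against the committed lockfile rather than package.json, so transitive and nested dependencies are covered.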
