VDB
KO

MAL-2026-10026

Malicious code in @wagni_bot/hyperliquid-sdk (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (ca6ec83c9621f8afc9616d49876cc451ca8d99397d99288889b81298eb410d7e) The package is scoped and named to impersonate the Hyperliquid exchange SDK (@wagni_bot/hyperliquid-sdk) but ships no SDK code — only a harvester in postinstall.js that is wired to run automatically on npm install via both preinstall and postinstall lifecycle hooks. On install, the script scans the installer's home directory, Desktop, Documents, Downloads, /root, and /tmp for wallet-related artifacts (id.json, wallet.json, keystore.json, metamask.json, phantom.json, seed.txt, mnemonic.txt,.env, credentials.json,.npmrc,.git-credentials,.netrc), reads Solana/Ethereum keystores, ~/.ssh/ private keys, ~/.aws/credentials, ~/.git-credentials, and Chrome/Brave/Edge MetaMask and Phantom extension Local Extension Settings directories. It additionally reads user.txt/.md/.rtf/.csv files, tokenizes their content, and if 10 or more tokens match a BIP39 wordlist, uploads the file. All collected contents, along with hostname, username, and cwd, are POSTed to hardcoded endpoint http://107.161.90.180:7777. The package name impersonation targets crypto developers looking for the legitimate Hyperliquid SDK.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / @wagni_bot/hyperliquid-sdk

No fixed version published yet for @wagni_bot/hyperliquid-sdk (npm). Pin to a known-safe version or switch to an alternative.

References