A North Korean hacking group implanted malicious code generated by Claude into the cryptocurrency trading tool openpaw-graveyard.

PANews reported on May 1 that, according to Cryptopolitan, security research firm ReversingLabs discovered that a malicious npm package named PromptMink, submitted through code generated by Anthropic's Claude Opus AI model, was implanted into the open-source crypto trading project openpaw-graveyard, resulting in the theft of users' crypto wallet credentials and system keys. The attack originated from the North Korean state-sponsored hacking group Famous Chollima, which has been distributing malicious npm packages since September 2025 using a two-layer strategy: the first layer is a "bait" package that contains no malicious code, and the second layer carries the actual malicious payload. When a second-layer package is removed, the attackers release a replacement version on the same day. The malware has evolved through multiple iterations and is now a compiled Rust payload. Once installed, it steals crypto wallet credentials, system information, and project source code, and implants SSH keys on Linux and Windows systems to achieve persistent remote access.
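
Because the first-layer package is clean, reviewing only a project's direct dependencies misses the package that carries the payload. The following added example (not code from ReversingLabs, PANews, or the affected project) walks a `package-lock.json` to list what each direct dependency pulls in; the package names are constructed, and treating `hasInstallScript` as a review signal is an assumption, not a detail from the report.

```javascript
// Resolve `name` the way Node does from the package installed at `fromPath`:
// try the nearest node_modules first, then walk up toward the project root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// For each direct dependency of the root project, list every package it
// brings in transitively (lockfileVersion 2 or 3 "packages" map).
function secondLayer(lock) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const direct = Object.keys({ ...root.dependencies, ...root.devDependencies });
  const report = {};
  for (const name of direct) {
    const start = resolveDep(packages, "", name);
    if (!start) continue;
    const seen = new Set([start]); // also guards against dependency cycles
    const stack = [start];
    while (stack.length) {
      const path = stack.pop();
      const deps = { ...packages[path].dependencies, ...packages[path].optionalDependencies };
      for (const dep of Object.keys(deps)) {
        const hit = resolveDep(packages, path, dep);
        if (hit && !seen.has(hit)) { seen.add(hit); stack.push(hit); }
      }
    }
    seen.delete(start);
    report[name] = [...seen].sort().map((path) => ({
      path, version: packages[path].version,
      hasInstallScript: packages[path].hasInstallScript === true, // assumed review-priority signal
    }));
  }
  return report;
}

// Constructed lockfile: "demo-bait" is clean itself but pulls in "demo-helper".
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { "demo-bait": "^1.0.0", "demo-logger": "^2.0.0" } },
  "node_modules/demo-bait": { version: "1.0.3", dependencies: { "demo-helper": "^0.1.0" } },
  "node_modules/demo-helper": { version: "0.1.9", hasInstallScript: true, dependencies: { "demo-logger": "^1.0.0" } },
  "node_modules/demo-helper/node_modules/demo-logger": { version: "1.4.0" },
  "node_modules/demo-logger": { version: "2.1.0" },
} };
console.log(JSON.stringify(secondLayer(SAMPLE_LOCK), null, 2));
```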

Author: PA一线
