Bitwarden CLI Hit by Supply Chain Attack, Malicious Package Distributed for 1.5 Hours

Gate News message, April 24 — Bitwarden CLI version 2026.4.0 was compromised in a supply chain attack between 17:57 and 19:30 ET on April 24, according to SlowMist CISO 23pds. Attackers exploited GitHub Actions in Bitwarden’s CI/CD pipeline to inject a malicious package that was briefly distributed via npm.

The attack targeted the repository’s continuous integration workflow, allowing unauthorized code to reach the package registry. However, Bitwarden confirmed that Vault data was not compromised, production systems were unaffected, and only users who installed version 2026.4.0 from npm during the 1.5-hour window were impacted.

Bitwarden advised affected users to immediately uninstall version 2026.4.0, clear npm cache, rotate API tokens and SSH keys, audit GitHub and CI activity for anomalies, and upgrade to the patched version 2026.4.1.
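To support the uninstall-and-audit advice above, here is an added example (not from Bitwarden or the original article) that flags any npm lockfile or `npm ls --json` output containing the affected release. It assumes the CLI is published as `@bitwarden/cli`, since the article only says "Bitwarden CLI", and the sample inputs are constructed.

```javascript
// Added example. Assumption: the npm package name is "@bitwarden/cli".
const PKG = "@bitwarden/cli";
const AFFECTED = "2026.4.0"; // affected version named in the article

// Returns [{ path, version }] for every entry of pkg at the affected version.
// lockText is the text of package-lock.json or the output of `npm ls --json`.
function findAffected(lockText, pkg = PKG, bad = AFFECTED) {
  const lock = JSON.parse(lockText);
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isPkg = path === `node_modules/${pkg}` || path.endsWith(`/node_modules/${pkg}`);
    if (isPkg && meta.version === bad) hits.push({ path, version: meta.version });
  }
  // lockfileVersion 1 and `npm ls --json`: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}node_modules/${name}`;
      if (name === pkg && meta.version === bad) hits.push({ path: here, version: meta.version });
      walk(meta.dependencies, `${here}/`);
    }
  };
  // v2 lockfiles carry both shapes; walk the tree only when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample inputs (not real lockfiles).
const SAMPLE_V3 = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "ci-tools" },
    "node_modules/@bitwarden/cli": { version: "2026.4.0" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
});
const SAMPLE_FIXED = JSON.stringify({
  lockfileVersion: 3,
  packages: { "node_modules/@bitwarden/cli": { version: "2026.4.1" } },
});
const SAMPLE_V1 = JSON.stringify({
  lockfileVersion: 1,
  dependencies: {
    wrapper: { version: "1.0.0", dependencies: { "@bitwarden/cli": { version: "2026.4.0" } } },
  },
});

console.log(findAffected(SAMPLE_V3), findAffected(SAMPLE_FIXED), findAffected(SAMPLE_V1));
```

A match means only that the affected version was pinned or installed. Per the article, exposure also depends on whether the install happened inside the distribution window, so check install and CI timestamps for each hit.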
