Zack Whittaker

Google has now linked the hack and hijack of the popular Axios npm open-source project to North Korea (UNC1069), which is known for stealing cryptocurrency.

Axios is downloaded tens of millions of times weekly, so this hack is likely widespread.

Our updated story: https://techcrunch.com/2026/03/31/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware?nocache=1

North Korean hackers blamed for hijacking popular Axios open source project to spread malware | TechCrunch

A hacker inserted malware in Axios, an open source web tool downloaded tens of millions of times weekly, in a widespread hack.

TechCrunch
Mar 31 at 5:48pmWeb
Show threadash2d ago
@zackwhittaker sorry the typo is bugging me, I think you mean "Google *has* now linked the hack and hijack" 
Show threadZack Whittaker2d ago
@ashguy thank you! typing too fast :)
Show threadjoy larkin 🌺✨2d ago

@zackwhittaker

Oh, so this means that North Korea is also targeting forked OpenClaw packages... see this Wiz write-up of the Axios incident for the OpenClaw mentions

https://www.wiz.io/blog/axios-npm-compromised-in-supply-chain-attack

Axios NPM Distribution Compromised in Supply Chain Attack | Wiz Blog

A compromised axios maintainer account led to malicious npm releases. Learn how to assess impact, detect compromise, and secure your development workflows.

wiz.io