todayonchain.com

Bitwarden CLI Supply Chain Attack Puts Crypto Wallet Keys at Risk

BeInCrypto
A Bitwarden CLI supply chain attack via a compromised GitHub Action exposed crypto wallet keys and developer credentials.

Summary

Attackers compromised version 2026.4.0 of Bitwarden's CLI through a malicious npm package, stealing crypto wallet data and developer credentials. The breach, linked to the TeamPCP campaign, embedded malware that harvested GitHub and npm tokens, SSH keys, environment variables, and cloud credentials. The attack specifically targeted crypto wallets like MetaMask, Phantom, and Solana, as well as CI/CD secrets. While Bitwarden's core vault remains secure, users who installed the compromised CLI version are advised to rotate all exposed secrets and either downgrade to version 2026.3.0 or use official signed binaries. This incident may be the first compromise of a package that uses npm's trusted publishing mechanism.

(Source: BeInCrypto)