ChainBleedv0.1 · open intel
← back to feed·2026-03-31 · 2mo ago
Incident · SLOWMIST

[email protected]

Supply Chain Attack
Estimated loss
VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
▰ METHOD
Undisclosed
Root cause

Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.

Forensic narrative

Socket has detected an active supply chain attack targeting version 1.14.1 of the core npm package, axios. The attacker injected malicious code into axios by introducing a malicious dependency that first appeared today. Developers using axios are advised to pin their versions immediately and review their project lockfiles. Attack method (per SlowMist): Supply Chain Attack. Reported loss: 0.

Primary source
https://x.com/Cointelegraph/status/2038843819760734636
Sourced from
slowmist
Technical record
chain
protocol
[email protected]
bug_class
unknown
date_occurred
2026-03-31
loss_usd
source_id
sm:axios-1-14-1::2026-03-31
Related — same bug class
2026-05-16
25d ago
ETH
Adshares
Bridge-Minter Fake-Mint Exploit (wADS)
bridge
$628.0K
AMBIGUOUS
2026-05-15
26d ago
MULTI
THORChain
Cross-Chain Router Exploit (multi-chain drain)
bridge
$10.70M
AMBIGUOUS
2026-05-13
27d ago
BSC
Mail Token
BSC token contract exploit (vector undisclosed)
accounting
$54.6K
UNRATED
2026-05-13
27d ago
ARB
ShapeShift FOX Colony (Colony Network)
executeMetaTransaction → resolver-repoint via setTarget → delegatecall drain
access-control
$132.7K
AUDIT-CATCHABLE
2026-05-13
28d ago
ETH
Transit Finance
Contract Vulnerability
logic
$1.88M
UNRATED
2026-05-13
28d ago
ETH
TAC Cross-Chain Layer (TON Side)
Contract Vulnerability
logic
$2.80M
UNRATED
ChainBleed — live web3 threat intelligence