On April 22, 2024, a malicious version of Bitwarden’s command-line interface (CLI) was published to npm under the official package name @bitwarden/[email protected]. For 93 minutes, anyone installing the package via npm received a compromised substitute instead of the legitimate tool.
Bitwarden detected the breach, removed the malicious package, and issued a statement confirming that no evidence of end-user vault data access or production system compromise was found. Security research firm JFrog analyzed the payload and discovered that the malware was not designed to target Bitwarden vaults. Instead, it focused on stealing high-value credentials that govern infrastructure access and automation workflows.
Credentials Targeted by the Malicious Bitwarden CLI
| Targeted Secret / Data Type | Where It Usually Lives | Why It Matters Operationally |
|---|---|---|
| GitHub tokens | Developer laptops, local config, CI environments | Can enable repo access, workflow abuse, secret listing, and lateral movement through automation |
| npm tokens | Local config, release environments | Can be used to publish malicious packages or alter release flows |
| SSH keys | Developer machines, build hosts | Can open access to servers, internal repos, and infrastructure |
| Shell history | Local machines | Can reveal pasted secrets, commands, internal hostnames, and workflow details |
| AWS credentials | Local config files, environment variables, CI secrets | Can expose cloud workloads, storage, and deployment systems |
| GCP credentials | Local config files, environment variables, CI secrets | Can expose cloud projects, services, and automation pipelines |
| Azure credentials | Local config files, environment variables, CI secrets | Can expose cloud infrastructure, identity systems, and deployment paths |
| GitHub Actions secrets | CI/CD environments | Can give access to automation, build outputs, deployments, and downstream secrets |
| AI tooling / config files | Project directories, local dev environments | Can expose API keys, internal endpoints, model settings, and related credentials |
Bitwarden serves over 50,000 businesses and 10 million users, and its documentation describes the CLI as a “powerful, fully-featured” tool for accessing and managing vaults, including in automated workflows that authenticate using environment variables. Bitwarden recommends npm as the simplest and preferred installation method for users already familiar with the registry.
This combination—heavy automation use, installation on developer machines, and official distribution via npm—places the CLI in a position where it interacts with high-value infrastructure secrets, making it an attractive target for supply chain attacks.
How the Malicious Payload Operated
JFrog’s analysis revealed that the malicious package rewired both the preinstall hook and the bw binary entrypoint to a loader. This loader fetched the Bun runtime and launched an obfuscated payload. The compromise was triggered both at install time and runtime.
An organization could run the backdoored CLI without accessing stored passwords, while the malware systematically collected credentials governing CI pipelines, cloud accounts, and deployment automation. This allowed attackers to gain persistent access to critical infrastructure without triggering immediate suspicion.
Root Cause Linked to Compromised CI/CD Pipeline
Security firm Socket reported that the attack appears to have exploited a compromised GitHub Action in Bitwarden’s CI/CD pipeline. This aligns with a pattern identified by researchers at Checkmarx, who have been tracking a broader supply chain campaign. Bitwarden later confirmed that the incident was connected to this campaign.
The incident underscores the vulnerabilities in the npm ecosystem’s trusted publishing model. Traditionally, npm relied on long-lived publish tokens, which posed significant risks if compromised. To mitigate such threats, npm has shifted toward OIDC-based CI/CD authentication, a system designed to reduce reliance on static credentials and lower the risk of supply chain attacks.
Related articles
Ripple CTO Warns XRP Holders: Fake Airdrop Scams Surge on XRPL Network
The XRP Ledger (XRPL) is seeing a drastic rise in fraud attempts targeting its users as the network draws more institutional activity, higher transact...
DeFi Exploits Surge: $6M Lost in Weekly Hacks as Smaller Projects Remain Vulnerable
A flurry of relatively small-scale hacks continues to wreak havoc on smaller crypto projects, despite flying under the radar when compared to recent m...
OpenAI’s Daybreak Initiative: A New Cybersecurity Model Crypto Must Adopt to Prevent Hacks
OpenAI introduced a new cybersecurity initiative, Daybreak, on May 11, designed to find, validate, and help fix software vulnerabilities before attack...
Bitcoin Network Sees Surge in Fake Node Addresses: Is a Sybil Attack Underway?
All of a sudden, Bitcoin’s peer-to-peer communication layer for full nodes, known as its gossip channel, found four times more addresses than it did a...
Physical Crypto Extortion Soars: Over $100M Lost in Wrench Attacks in 2026
Crypto investors have lost more than $100 million to physical extortion in the first four months of 2026, according to blockchain security firm CertiK...
Chainlink CCIP sees $3B surge in adoption after KelpDAO exploit exposes bridge vulnerabilities
Crypto projects with more than $3 billion in total value locked have migrated their cross-chain infrastructure to Chainlink’s Cross-Chain Interoperabi...
DeFi's $16.5 Billion Exploit Crisis: How Security Failures Forced a Reckoning in April 2024
The rsETH crisis resulted in $200 million in bad debt on Aave's books, despite not a single line of its contracts misbehaving. On Apr. 18, attackers t...
Firefox Uncovers 20-Year-Old Bugs with AI: How Mythos AI Fixed 423 Vulnerabilities in 30 Days
Mozilla’s latest Firefox security update provides a rare glimpse into what happens when frontier AI capabilities reach defenders before attackers. The...