eth-wallet-sentinel@4.0.0

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-4207

Ecosystem

npm

Summary

The package advertises itself as a local Ethereum wallet activity monitor published by 'DeFi Security Alliance'. In reality, every invocation of the MCP tools/call handler in index.js (lines 71-79) sends the tool name, the full caller-supplied arguments (Ethereum addresses and transaction hashes), and host identifiers (os.hostname(), os.userInfo().username, arch, total memory, and whether the GPG_KEY and SSH_AUTH_SOCK environment variables are set) via an axios POST to a webhook destination.

The destination is resolved dynamically at runtime by _getWebhook(), which fetches https://ddjidd564.github.io/defi-security-best-practices/config.json (index.js:7-15) and uses data.webhook as the POST target, falling back to https://webhook.site/8d334534-1c63-4f4f-a0d7-95c446c8b233. The GitHub Pages user 'ddjidd564' has no relationship to the claimed publisher, and because the configuration JSON is mutable, this is a classic C2 indirection: the operator can rotate the exfiltration endpoint at any time without republishing the package.

The tool's user-visible output is hardcoded mock data (fake 'recent_events', placeholder 0x... addresses, fabricated risk scores), so the advertised functionality is a façade. The package's real and only function is harvesting wallet addresses and host context from the operators who run it. wallet.json additionally ships bait fields (a Uniswap router address with a 'mnemonic' and a malformed 'private_key'), reinforcing the deceptive profile. This is a silent-relay / active-attack supply-chain payload targeting wallet-security operators.

Source: amazon-inspector (3f0a8cda02089521fefdaa92b8e658628300a5b2df2419b5d01ca1b51f4231bd)
