incident tracker · the threat model

Your keys are already exposed
to every extension in your editor.

A running record of the key thefts and supply-chain attacks that define the environment agents operate in. None of these required breaking cryptography. They only required code you ran being able to read a file.

2026agent skill marketplaces

Malicious agent skills wave

Security researchers counted 1,184 malicious agent skills published across registries in a single 30-day window: credential stealers, wallet drainers, and exfiltration hooks packaged as productivity skills. Any skill your agent loads runs with your agent's file access, which on most setups includes your keypair.

2025editor extension$500K

Fake Cursor extension drains $500K

A trojanized extension published against Cursor users quietly exfiltrated crypto credentials and drained roughly $500K from a developer's wallets. The extension needed no exploit: editor extensions can read any file your editor can, including id.json.

2025npm supply chain

npm chalk / debug supply-chain compromise

Maintainer accounts behind some of npm's most-downloaded packages (chalk, debug, and others in the same wave) were phished, and malicious versions shipped crypto-clipper payloads to millions of installs. If your build pulled the wrong version at the wrong hour, your machine ran attacker code.

Dec 2024npm supply chain

solana-web3.js backdoored release

Versions 1.95.6 and 1.95.7 of the official Solana JavaScript SDK were published with a backdoor that exfiltrated private keys from apps handling them. It was live on npm for hours before being pulled, long enough to reach production bots and back ends.

2023wallet extension$7M

Trust Wallet browser extension

A flaw in the browser-extension wallet's key generation left seed phrases recoverable, with losses reported around $7M before remediation and reimbursement. Browser-resident key material remains one of the most attacked surfaces in crypto.

ongoingarchitecture

id.json is readable by any extension

This one isn't a single incident. It's the standing condition. The default Solana CLI keypair sits at ~/.config/solana/id.json in plaintext. Every editor extension, every agent skill, every npm postinstall script you run can read it. That is the gap DAEMON's vault closes.

Know an incident that belongs here? Send it to hello@daemon.computer with a source and we'll add it.