Moralis A.I CyberSecurity Scoring
Moralis
Company Information
Website:https://moralis.com
Employees number:62
Number of followers:13,186
NAICS:5112
Industry Type:Software Development
Homepage:moralis.com
Moralis Risk Score (AI oriented)
Between 700 and 749
MoralisSoftware Development
Updated:
12/06/2026
12/06/2026
733/1000
Moderate
Ba
Moralis Global Score (TPRM)
xxxx
MoralisSoftware Development
Score locked

MoralisModerate
Current Score
733Ba (MODERATE)
01000
1 incidents
-18 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
733
JUNE 2026
751
Cyber Attack
12 Jun 2026 • Moralis
Coinbase, npm and Moralis: Malicious npm Packages Abuse Postinstall Scripts to Steal Ethereum Private Keys and Mnemonic Phrases
Sophisticated npm Supply Chain Attack Targets Blockchain Developers
733
CRITICAL-18
MORNPMCOI1781267690
Sophisticated npm Supply Chain Attack Targets Blockchain Developers
A newly uncovered software supply chain attack has compromised blockchain developers through eleven malicious npm packages, designed to steal cryptocurrency wallet credentials and infiltrate development environments. Discovered by Cyfirma Research, the campaign exploited open-source ecosystems to target Web3 projects and cloud-native infrastructure, amassing over 2.7 million downloads and significantly expanding its reach.
The attack employed typosquatting and impersonation tactics, tricking developers into installing packages that mimicked legitimate tools. Three distinct clusters of malicious packages were identified:
1. Coinbase Wallet Utils – Functioned as an information stealer, conducting host reconnaissance and exfiltrating sensitive data to attacker-controlled servers.
2. moralis-sdk – The most downloaded package, containing an obfuscated post-install script that initiated a multi-stage infection chain, downloading and executing remote payloads.
3. Typosquatted packages (e.g., Ganach, Solidity, Stelar-sdk) – Leveraged blockchain-based command-and-control infrastructure to dynamically deploy platform-specific malware.
Additionally, an npm user named ethcompat published five malicious packages, including hardhat-deploy-utils and ethers-compat, which harvested deployment credentials, SSH keys, and wallet secrets collectively garnering over 2,200 downloads.
The primary attack vector relied on npm post-installation scripts, which executed malicious code automatically upon package installation, requiring no further user interaction. The campaign underscores the growing threat of supply chain attacks in open-source ecosystems, particularly against cryptocurrency and decentralized finance (DeFi) projects.
Indicators of compromise (IoCs) include SHA1/SHA256 hashes for malicious packages such as ethers-jss and coinbase-wallet-utils, though attacker-controlled domains and IPs remain defanged to prevent accidental resolution.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
751
APRIL 2026
751
MARCH 2026
751
FEBRUARY 2026
751
JANUARY 2026
751
DECEMBER 2025
751
NOVEMBER 2025
751
OCTOBER 2025
751
SEPTEMBER 2025
751
AUGUST 2025
751
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Moralis ??
What was Moralis's A.I Rankiteo Cyber Score in June 2026 ??
What was Moralis's A.I Rankiteo Cyber Score in May 2026 ??
What was Moralis's A.I Rankiteo Cyber Score in April 2026 ??
What was Moralis's A.I Rankiteo Cyber Score in March 2026 ??
What was Moralis's A.I Rankiteo Cyber Score in February 2026 ??
What was Moralis's A.I Rankiteo Cyber Score in January 2026 ??
What was Moralis's A.I Rankiteo Cyber Score in December 2025 ??
What was Moralis's A.I Rankiteo Cyber Score in November 2025 ??
What was Moralis's A.I Rankiteo Cyber Score in October 2025 ??
What was Moralis's A.I Rankiteo Cyber Score in September 2025 ??
What was Moralis's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Moralis's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Moralis ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Moralis's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?