Socket’s Threat Research Team has uncovered two malicious npm packages designed to steal cryptocurrency credentials and trading data—pumptoolforvolumeandcomment and its wrapper debugdogs. Both were published by a threat actor using the alias olumideyo, with exfiltration of stolen data carried out via a Telegram bot in real time.