Wu learned that ReversingLabs reported that hackers launched supply chain attacks on locally installed Atomic Wallet and Exodus encrypted wallets by uploading malicious npm packages called pdf to office. This package disguises itself as a PDF to Office tool, but actually implants Trojan code in the local environment to replace specific files in the wallet.