
Bybit Flags macOS Malware Campaign Aimed at Claude Code Searchers

Published: Apr 22, 2026By SpendNode Editorial

Key Analysis

Bybit's security team disclosed a macOS malware campaign that preys on users searching for Claude Code, exploiting AI tool demand to deliver payloads.


Bybit's security team has disclosed an active malware campaign that preys on macOS users looking for Claude Code, according to a CoinDesk alert posted on April 22, 2026. The attack funnels people searching for the popular AI coding tool toward booby-trapped install flows, turning developer curiosity into a credential-theft vector.

The disclosure is short on payload specifics in the public alert, but the shape of the campaign is familiar. Search for a hot piece of software, click a plausible-looking top result, and run an installer that is not what it claims to be. What is new here is the bait: not a wallet extension or an exchange app, but an AI developer tool whose user base now overlaps heavily with crypto engineers.

Why AI coding tools became a malware target

Claude Code has become one of the fastest-growing developer tools of the last year, and search volume has grown with it. That search demand is what attackers are monetizing. SEO poisoning, paid-search abuse, and typosquatted domains are all mature techniques. The twist is the target: an AI product that installs locally on macOS and runs from the terminal with the developer's own privileges, so an impostor binary inherits everything that user account can read.

The timing also matters. Anthropic itself disclosed earlier this month that unauthorized users had accessed a cyberattack-capable internal model, raising the baseline level of scrutiny on anything branded "Claude" right now. Attackers tend to move to the topic with the most search volume and the least user skepticism. That is currently AI tooling, not DeFi.

Why Bybit is the one raising the flag

Bybit has spent the last year rebuilding its public security posture after the February 2025 breach that drained roughly $1.5 billion in ETH through a compromised cold-wallet signing flow. The exchange ran a LazarusBounty program, published forensic updates, and has been vocal about supply-chain attacks on crypto users. A malware alert on a non-Bybit product fits that pattern: the exchange's threat team treats anything its customers are likely to have on their development machines as in scope.

Crypto users are a natural target audience for this campaign. Anyone using self-custody wallets on the same Mac they use for coding is one malicious installer away from seed phrase exposure. Hardware wallets help, but a compromised host can still intercept clipboard data, browser session cookies, and saved credentials for exchanges and custodial platforms.

What makes this different from a normal phishing alert

Most malware alerts flag fake wallet apps or fake exchange downloads. This one targets a piece of dev tooling that sits upstream of everything else on the machine. A malicious binary does not even need administrator rights: running as the developer's own user is enough to read SSH keys, browser profiles, hot-wallet files, and any API tokens kept in plaintext in .env files. If the fake installer also gets an admin password prompt answered, it can persist system-wide as well.

The attack vector also bypasses some of the usual crypto-security advice. "Only install wallets from the official site" does not help if the compromised install is an AI tool, not a wallet. Crypto users who separate their signing hardware from their workstation are still in decent shape, but anyone running hot wallets, MetaMask browser profiles, or exchange mobile pairings on the same laptop they use to code should assume their threat model just changed.

Practical hardening for the next 48 hours

A few things crypto users should actually do while this campaign is live:

  • Install Claude Code only from Anthropic's documented distribution channel. On macOS, inspect any downloaded installer or binary with codesign -dv --verbose=4 (check the TeamIdentifier and the Authority chain) and spctl --assess --type execute before running it; an ad-hoc or missing signature is a stop sign.
  • Audit recent installs using the Install History pane of System Information (or system_profiler SPInstallHistoryDataType) together with /var/log/install.log, and remove anything whose origin you cannot account for.
  • If you ran an installer from a non-official source this week, rotate every API key and token that lived in browser profiles, the login keychain, shell history, or .env files on that machine, and treat SSH keys and exchange API keys the same way.
  • Move any meaningful crypto balances off custodial platforms whose credentials were stored on the affected device, and revoke active sessions there, until rotation is complete.

This is routine hygiene. The point of Bybit's alert is that the campaign is not routine.
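The triage steps above (list recent third-party installs, check a binary's code signature, inventory the secrets that now need rotation) can be scripted. The following is an added example, not code from Bybit's alert or from Anthropic. It assumes macOS's system_profiler and codesign commands for the live checks, and the operator's expected signing Team ID is a placeholder the reader must supply; the parsing functions run anywhere on captured text, and all sample data below is constructed.

```python
"""Post-install triage for a macOS dev box after a suspect installer (added example)."""
import json
import re
import shutil
import subprocess
from datetime import datetime, timedelta, timezone
from pathlib import Path

# ---- 1. Recent non-Apple installs from the install history ---------------------------

def recent_third_party_installs(history_json: str, now: datetime, days: int = 7) -> list[dict]:
    """Entries from `system_profiler SPInstallHistoryDataType -json` that are not Apple-sourced
    and were installed within the last `days` days, newest first."""
    cutoff = now - timedelta(days=days)
    hits = []
    for entry in json.loads(history_json).get("SPInstallHistoryDataType", []):
        when = datetime.fromisoformat(entry["install_date"].replace("Z", "+00:00"))
        if when < cutoff or entry.get("package_source") == "package_source_apple":
            continue
        hits.append({"name": entry["_name"], "version": entry.get("install_version", ""), "date": when})
    return sorted(hits, key=lambda h: h["date"], reverse=True)

def live_install_history() -> str:
    """Run system_profiler on macOS; on other platforms return an empty history."""
    if shutil.which("system_profiler") is None:
        return '{"SPInstallHistoryDataType": []}'
    return subprocess.run(["system_profiler", "SPInstallHistoryDataType", "-json"],
                          capture_output=True, text=True, check=True).stdout

# ---- 2. Code-signature check ---------------------------------------------------------

CODESIGN_FIELD = re.compile(r"^(Authority|TeamIdentifier|Identifier)=(.*)$", re.M)

def parse_codesign(output: str) -> dict:
    """Extract Identifier, TeamIdentifier and the Authority chain from `codesign -dv --verbose=4`
    output (codesign writes these lines to stderr)."""
    fields = {"Authority": []}
    for key, val in CODESIGN_FIELD.findall(output):
        if key == "Authority":
            fields["Authority"].append(val)
        else:
            fields[key] = val
    return fields

def signature_verdict(fields: dict, expected_team: str) -> str:
    """'ok' only if signed by the expected Team ID and chained to Apple Root CA."""
    if fields.get("TeamIdentifier") in (None, "not set"):   # ad-hoc signatures report 'not set'
        return "unsigned or ad-hoc signed"
    if fields["TeamIdentifier"] != expected_team:
        return f"team mismatch: {fields['TeamIdentifier']}"
    if "Apple Root CA" not in fields["Authority"]:
        return "not chained to Apple Root CA"
    return "ok"

def check_binary(path: str, expected_team: str) -> str:
    """Live check; codesign exits non-zero for a completely unsigned object."""
    if shutil.which("codesign") is None:
        return "codesign unavailable (not macOS)"
    proc = subprocess.run(["codesign", "-dv", "--verbose=4", path], capture_output=True, text=True)
    if proc.returncode != 0:
        return "unsigned or ad-hoc signed"
    return signature_verdict(parse_codesign(proc.stderr), expected_team)

# ---- 3. Which .env variables need rotation (names only, values never printed) --------

SECRET_NAME = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD|PRIVATE)", re.I)

def secrets_to_rotate(env_text: str) -> list[str]:
    names = []
    for line in env_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        name = name.removeprefix("export ").strip()
        if SECRET_NAME.search(name) and value.strip().strip("'\""):
            names.append(name)
    return names

def scan_env_files(root: Path) -> dict[str, list[str]]:
    return {str(p): secrets_to_rotate(p.read_text(errors="ignore"))
            for p in root.rglob(".env*") if p.is_file()}

# ---- Constructed sample data (shapes mirror the real commands; contents are invented) --
NOW = datetime(2026, 4, 22, tzinfo=timezone.utc)
EXPECTED_TEAM = "ABCDE12345"   # placeholder: replace with the vendor's real Team ID
SAMPLE_HISTORY = json.dumps({"SPInstallHistoryDataType": [
    {"_name": "macOS 15.4.1", "install_date": "2026-04-10T02:11:00Z",
     "install_version": "15.4.1", "package_source": "package_source_apple"},
    {"_name": "ClaudeCodeInstaller", "install_date": "2026-04-20T19:42:13Z",
     "install_version": "1.0", "package_source": "package_source_other"},
    {"_name": "Docker", "install_date": "2026-03-01T09:00:00Z",
     "install_version": "4.30", "package_source": "package_source_other"},
]})
SAMPLE_CODESIGN_ADHOC = ("Executable=/tmp/claude-code\nIdentifier=claude-code\n"
                         "Format=Mach-O thin (arm64)\nSignature=adhoc\nTeamIdentifier=not set\n")
SAMPLE_CODESIGN_DEVID = ("Identifier=com.example.tool\n"
                         "Authority=Developer ID Application: Example Corp (ABCDE12345)\n"
                         "Authority=Developer ID Certification Authority\n"
                         "Authority=Apple Root CA\nTeamIdentifier=ABCDE12345\n")
SAMPLE_ENV = "# keys\nANTHROPIC_API_KEY=placeholder\nexport EXCHANGE_API_SECRET='abc'\nDEBUG=1\nEMPTY_TOKEN=\n"

if __name__ == "__main__":
    for hit in recent_third_party_installs(SAMPLE_HISTORY, NOW):
        print(f"[recent 3rd-party install] {hit['date']:%Y-%m-%d} {hit['name']} {hit['version']}")
    print("ad-hoc sample:", signature_verdict(parse_codesign(SAMPLE_CODESIGN_ADHOC), EXPECTED_TEAM))
    print("Developer ID sample:", signature_verdict(parse_codesign(SAMPLE_CODESIGN_DEVID), EXPECTED_TEAM))
    print("rotate:", secrets_to_rotate(SAMPLE_ENV))
```

On a real machine, swap the sample history for live_install_history(), point check_binary at the downloaded installer or the installed CLI, and run scan_env_files over your project directories. The verdict function deliberately treats a Team ID mismatch as a failure even when the signature is otherwise valid: a malicious build signed with some other Developer ID passes Gatekeeper, so checking that the binary is signed at all is not enough.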

Overview

A top-tier exchange publishing malware research on an AI coding tool is a sign of where attacks on crypto users are heading. The line between "crypto security" and "developer security" keeps thinning. Anyone whose seed phrase or exchange session lives on the same machine as their IDE is now on the front line of that convergence.

Frequently Asked Questions

Does this affect Windows or Linux users?

Bybit's disclosure names macOS specifically. That does not rule out parallel campaigns on other operating systems, but the published research is macOS-scoped.

Is Claude Code itself compromised?

No. The campaign impersonates or sits alongside legitimate Claude Code search results. The genuine product is not the source of the malware.
