Operation HEXSTRIKE -- npm Supply Chain Attack Targeting Guardarian Cryptocurrency Exchange.
Operation HEXSTRIKE is a targeted cybercrime operation built on a sophisticated supply chain attack that used nine malicious npm packages published by an actor using the account umarbek1233. These packages, impersonating Strapi CMS plugins, were released between 02:02 and 03:58 UTC on April 3, 2026. Each package leverages postinstall hooks to deploy a multi-phase command-and-control (C2) agent which stealthily eliminates environment variables, database credentials, JWT secrets, API keys, and cryptocurrency wallet information. This operation notably affects the Guardarian cryptocurrency exchange, with the attacker establishing a reverse shell that polls every five seconds.
MITRE ATT&CK & Malware Families
Indicators of Compromise (16)
References (1)