Dead Drops on the Blockchain: Reversing a DPRK npm Loader (PolinRider / A6-Shadow-15)

2026-06-22 Melted In Hex

https://meltedinhex.com/posts/polinrider-blockchain-dead-drop-npm/


Melted in Hex reverses PolinRider, a DPRK/Lazarus-attributed npm supply-chain loader hidden inside the otherwise functional packages tailwind-color-shades and safe-validate. The loader executes on import, resolves encrypted stages from dead drops on the TRON, Aptos, and Binance Smart Chain networks, then contacts version-gated C2 over /$/boot with a Sec-V marker. The teardown links this chain to BeaverTail and InvisibleFerret payloads that target browser credentials, session cookies, SSH keys, cloud and npm/GitHub tokens, crypto wallets, and Windows clipboard/keylogging data. It also documents a new global['_V'] variant carrying A6-Shadow-15 and A6-Shadow-14 markers, the attacker C2 IPs, the package hashes, and a YARA rule for hunting the blockchain-loader behavior.

Indicators of Compromise

Type   Value                               First Seen   Last Seen
YARA   polinrider_v_variant_blockchain…    2026-06-22   2026-06-22
HASH   a048ac42b7e4c7dad4dd24e352dfe29…    2026-06-22   2026-06-22
HASH   fab731cd8005d9d73a8fe862a8bfea3…    2026-06-22   2026-06-22
URL    http://23.27.202.27/$/boot          2026-06-22   2026-06-22
URL    http://198.105.127.210/$/boot       2026-06-12   2026-06-22
URL    http://166.88.54.158/$/boot         2026-06-12   2026-06-22
IPv4   166.88.54.158                       2026-04-24   2026-06-22
IPv4   198.105.127.210                     2026-03-05   2026-06-22
IPv4   23.27.202.27                        2025-10-20   2026-06-22
