NPM Supply-Chain Attack Compromises 400+ Packages, ENS Libraries Targeted

Published at 2025-11-24 12:30:08

A security researcher reported that the Shai Hulud malware has compromised over 400 NPM libraries, with at least 10 cryptocurrency-related packages affected — most linked to the Ethereum Name Service (ENS) ecosystem. The injected code appears in dependencies used across projects, raising the likelihood that wallets, dapps, or tooling could ingest malicious updates indirectly via trusted packages.

This incident underscores persistent supply-chain vulnerabilities in open-source tooling. For ENS users and developers, the risk includes compromised key material or automated actions if any build or runtime environment pulled infected packages. Maintainers should audit recent dependency changes, revoke or rotate exposed credentials where appropriate, and publish patched releases. Users should update to clean package versions and verify integrity before deploying. The breach is a reminder that dependency hygiene and provenance checks are now critical components of crypto infrastructure security.
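
The audit and integrity steps above can be run against an npm lockfile. This is an added example, not code from the article or from any affected project: it assumes a `package-lock.json` with lockfileVersion 2 or 3, and every package name, version and hash in it is a constructed placeholder (real entries must come from a published advisory).

```javascript
// Constructed advisory list: placeholder names/versions, not real indicators.
const ADVISORY = new Map([
  ["example-ens-helper", new Set(["2.1.1", "2.1.2"])],
  ["@example/wallet-utils", new Set(["0.9.4"])],
]);

// Constructed package-lock.json content (lockfileVersion 3 layout).
const REG = "https://registry.npmjs.org/";
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", version: "1.0.0" },
    "node_modules/example-ens-helper": {
      version: "2.1.2", integrity: "sha512-CONSTRUCTED",
      resolved: REG + "example-ens-helper/-/example-ens-helper-2.1.2.tgz",
    },
    "node_modules/example-ens-helper/node_modules/@example/wallet-utils": {
      version: "0.9.3", integrity: "sha512-CONSTRUCTED",
      resolved: REG + "@example/wallet-utils/-/wallet-utils-0.9.3.tgz",
    },
    "node_modules/example-git-dep": {
      version: "1.2.0", resolved: "git+ssh://git@git.example/org/dep.git#0000000",
    },
  },
};

// The package name is the part after the last "node_modules/" in the lock key.
function nameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

// Returns one finding per problem: advisory match, no integrity hash,
// or a package resolved from somewhere other than the expected registry.
function auditLock(lock, advisory, registry = REG) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "" || entry.link) continue; // skip root project and workspace links
    const name = entry.name || nameFromKey(key);
    const id = `${name}@${entry.version}`;
    const bad = advisory.get(name);
    if (bad && bad.has(entry.version)) findings.push({ id, issue: "listed-in-advisory" });
    if (!entry.integrity) findings.push({ id, issue: "missing-integrity" });
    if (entry.resolved && !entry.resolved.startsWith(registry))
      findings.push({ id, issue: "non-registry-source" });
  }
  return findings;
}
```

To use it on a real project, pass `auditLock` the parsed contents of `package-lock.json`. Nested (transitive) entries are checked the same way as direct ones, which matters when the affected package arrives indirectly.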
