NPM Supply-Chain Attack Compromises 400+ Packages, ENS Libraries Targeted

Published at 2025-11-24 12:30:08

A security researcher reported that the Shai Hulud malware has compromised over 400 NPM libraries, with at least 10 cryptocurrency-related packages affected — most linked to the Ethereum Name Service (ENS) ecosystem. The injected code appears in dependencies used across projects, raising the likelihood that wallets, dapps, or tooling could ingest malicious updates indirectly via trusted packages.

This incident underscores persistent supply-chain vulnerabilities in open-source tooling. For ENS users and developers the risk includes compromised key material or automated actions if any build or runtime environment pulled infected packages. Maintainers should audit recent dependency changes, revoke or rotate exposed credentials where appropriate, and publish patched releases. Users should update to clean package versions and verify integrity before deploying. The breach is a reminder that dependency hygiene and provenance checks are now critical components of crypto infrastructure security.
