NPM Supply-Chain Attack Compromises 400+ Packages, ENS Libraries Targeted

Published at 2025-11-24 12:30:08

A security researcher reported that the Shai Hulud malware has compromised over 400 NPM libraries, with at least 10 cryptocurrency-related packages affected — most linked to the Ethereum Name Service (ENS) ecosystem. The injected code appears in dependencies used across projects, raising the likelihood that wallets, dapps, or tooling could ingest malicious updates indirectly via trusted packages.

This incident underscores persistent supply-chain vulnerabilities in open-source tooling. For ENS users and developers the risk includes compromised key material or automated actions if any build or runtime environment pulled infected packages. Maintainers should audit recent dependency changes, revoke or rotate exposed credentials where appropriate, and publish patched releases. Users should update to clean package versions and verify integrity before deploying. The breach is a reminder that dependency hygiene and provenance checks are now critical components of crypto infrastructure security.

MalwareNPMSecuritySupply-ChainOpen SourceENS
Share on:

Related news

Aethir Stops Bridge Exploit, Vows Compensation After Under $90K Loss

Aethir says it halted a bridge exploit on its Ethereum-linked contracts, keeping losses below $90,000. Security firm PeckShield had earlier estimated the damage at about $400,000; Aethir pledged to compensate affected users.

BridgeEthereumSecurityPeckShieldAethirATH
Published at 2026-04-10 11:15:12
Major Android Flaw Exposed Millions of Crypto Wallets to Hackers

Microsoft Defender researchers say a critical bug in a widely used third-party Android SDK may have exposed tens of millions of cryptocurrency wallets to potential data theft. Users and developers are urged to update apps and apply patches immediately.

SecurityCryptoAndroidWalletsMicrosoft Defender
Published at 2026-04-09 20:46:23
Solana Patches Basic Sandwich Attack, Jito Focuses on Execution Efficiency

Solana has closed a weakness that enabled basic sandwich attacks, reducing a common front-running vector for traders. Jito is continuing work to optimize transaction execution and block space allocation to boost network efficiency.

TradingSolanaSecurityJitoDeFi
Published at 2026-04-08 10:30:08
Solana Launches STRIDE Security Framework After $285M Exploit

Solana Foundation has launched STRIDE, a security framework offering formal verification and 24/7 on‑chain monitoring in response to a $285M exploit. The initiative aims to harden DeFi protocols and restore ecosystem confidence.

SolanaSTRIDEDeFiSecurityFormal VerificationOn-Chain Monitoring
Published at 2026-04-07 23:00:10
Solana DEX Stabble Urges Liquidity Exit After North Korea Staff Link

Solana-based DEX Stabble on Apr. 7 urged all liquidity providers to withdraw funds immediately after on-chain investigator ZachXBT linked a former employee to suspected North Korean IT operations. The warning raises security and compliance concerns and could affect SOL and LINK liquidity.

SolanaLiquidityDEXSecurityZachXBTNorth Korea
Published at 2026-04-07 20:45:07

DeFi

All DeFi posts

Bitcoin

All Bitcoin posts

Derivatives

All Derivatives posts

Dogecoin

All Dogecoin posts

On-Chain

All On-Chain posts