Supply-Chain Attack Hits Crypto Domains With Advanced Malware

By: Isha Das

In a dramatic resurgence, the self-replicating npm worm known as Shai-Hulud has launched a new wave of attacks, compromising 492 packages that collectively boast 132 million monthly downloads. This incident has raised significant security concerns across major ecosystems like AsyncAPI, PostHog, Postman, Zapier, and the Ethereum Name Service (ENS), as reported on November 24 by the security firm Aikido.

The timing of the attack appears to be tactical, landing just before npm's December 9 deadline for revoking legacy authentication tokens. Since its first wave in September, Shai-Hulud has exploited exposed developer environments, running secret-scanning tools such as TruffleHog to harvest API keys and GitHub tokens. The stolen secrets are then published to public repositories, and the worm uses the stolen credentials to push newly infected versions of other packages, expanding its reach exponentially.

The new wave includes technical refinements over the previous iteration. For example, the worm now generates random names for these repositories instead of using hardcoded ones, which makes the attack harder to mitigate. Package setup now also runs a 'setup_bun.js' script that installs the Bun runtime and uses it to execute the primary payload, 'bun_environment.js'. The attack hit a hitch, however: the bundling code occasionally fails to include 'bun_environment.js', leaving the attackers with only a partially successful compromise.

The scale and coordination of this attack suggest a high level of sophistication and access, possibly indicating a significant, orchestrated effort at the repository level rather than merely taking advantage of exposed npm tokens. This assault parallels past attacks in which unauthorized access to source code was used to modify build pipelines within the software lifecycle. As companies scramble to respond, security experts strongly advise auditing all relevant dependencies and rotating credentials associated with the compromised environments. Recommended mitigations also include disabling npm post-install scripts in CI pipelines so that malicious install-time code cannot execute. As organizations fortify their defenses against this kind of sophisticated supply-chain attack, the incident underscores the persistent vulnerabilities that continue to afflict the evolving blockchain and cryptocurrency space.

© BlockBriefly. All Rights Reserved.