NPM supply-chain attack compromises major ENS and crypto libraries
A researcher warned that more than 400 NPM libraries, including at least 10 crypto packages mostly tied to ENS, were compromised by Shai Hulud malware.
A major JavaScript supply-chain attack has compromised hundreds of software packages, including at least 10 used widely across the crypto ecosystem, according to research from cybersecurity firm Aikido Security.
In a Monday post, Charlie Eriksen, a researcher at Aikido Security, shared the names of over 400 packages that showed signs of infection with the “Shai Hulud” self-replicating worm malware used in the ongoing JavaScript NPM library supply chain attack. Eriksen said he validated each detection to avoid false positives.
Many of the cryptocurrency-related packages involved receive tens of thousands of downloads per week and have numerous other packages that require them to function. In an X post published earlier Monday, Eriksen also warned the Ethereum Name Service (ENS) team that several of their packages were affected.
