Rewards Hub A significant JavaScript supply chain attack has compromised over 400 packages, including at least 10 crucial to the crypto industry, according to HashNews. Aikido Security's Charlie Eriksen discovered the malicious packages, which are infected with the Shai Hulud malware. This malware targets developer infrastructure and is capable of stealing wallet keys.
The attack has impacted ENS-related libraries such as content-hash, address-encoder, and ensjs, which collectively see tens of thousands of weekly downloads. Wiz researchers reported that over 25,000 codebases have been affected, with the number increasing by 1,000 every 30 minutes. Eriksen highlighted that the scale of this attack surpasses previous incidents.
NPM Supply Chain Attack Compromises Key Crypto Libraries
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.