NPM supply-chain attack compromises major ENS and crypto libraries
Overview
A recent warning from a researcher has revealed that over 400 NPM libraries have been compromised by malware known as Shai Hulud. Among these affected libraries, at least 10 are related to crypto, particularly those connected to the Ethereum Name Service (ENS).
Details of the Attack
The Shai Hulud malware has infiltrated a significant number of NPM libraries, impacting the integrity and security of these widely used packages. The breach raises concerns for developers and users who rely on these libraries to build and maintain applications in the crypto space.
The presence of compromised libraries, especially those associated with ENS, highlights the vulnerabilities within software supply chains. This incident serves as a reminder of the potential risks that can arise from using third-party libraries in development.
Impact on the crypto market
- Over 400 NPM libraries have been compromised, potentially affecting numerous projects.
- At least 10 crypto packages tied to ENS are among those impacted.
- The incident raises awareness about the importance of security in software supply chains.
- Developers may need to reassess the libraries they use in their projects to ensure safety and integrity.
- The breach could lead to increased scrutiny and security measures within the crypto development community.
Updated: 11/24/2025, 1:36:57 PM
