
NPM Supply-Chain Attack Compromises Major ENS and Crypto Libraries
Why It Matters
The breach threatens the integrity of critical Ethereum infrastructure and could expose private keys or other secrets, prompting a wave of remediation across the crypto development community and highlighting the broader risk of supply‑chain attacks in open‑source software.
Summary
A supply‑chain attack on the NPM ecosystem has infected more than 400 JavaScript packages with the Shai Hulud self‑replicating worm, according to Aikido Security researcher Charlie Eriksen. At least ten of the compromised libraries are crypto‑focused, many tied to the Ethereum Name Service (ENS), and each receives tens of thousands of weekly downloads, exposing a large portion of the Ethereum developer stack. The worm harvests credentials and can make private repositories public, potentially stealing wallet keys if they are present, while also spreading autonomously across developer environments. Security firms Wiz and AMLBot report thousands of affected repositories and urge immediate investigation and remediation for any systems that depend on the tainted packages.