No Result
View All Result
SUBMIT YOUR ARTICLES
  • Login
Tuesday, July 7, 2026
TheAdviserMagazine.com
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal
No Result
View All Result
TheAdviserMagazine.com
No Result
View All Result
Home Market Research Cryptocurrency

New NPM Supply-Chain Attack Compromises ENS and Crypto Code

by TheAdviserMagazine
8 months ago
in Cryptocurrency
Reading Time: 2 mins read
A A
New NPM Supply-Chain Attack Compromises ENS and Crypto Code
Share on FacebookShare on TwitterShare on LInkedIn


A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely across the crypto ecosystem — according to new research from cybersecurity firm Aikido Security.

In a Monday post, Charlie Eriksen, a researcher at Aikido Security, shared the names of over 400 packages that show signs of infection with the “Shai Hulud” self-replicating malware used in an ongoing JavaScript NPM library supply chain attack. Eriksen said he validated each detection to avoid false positives.

Many of the cryptocurrency-related packages involved receive tens of thousands of downloads per week and have numerous other packages that require them to function. In an X post published earlier today, Eriksen also warned the Ethereum Name Service (ENS) team that several of their packages are affected.

Source: Charlie Eriksen

Shai Hulud is part of a broader supply chain attack trend. In Early September, the largest NPM attack reported to date saw hackers only steal $50 million of crypto. Amazon Web Services noted that this first attack was followed by the Shai-Hulud worm spreading autonomously just a week later.

While the previous attack directly targeted crypto to steal assets, Shai-Hulud is a general-purpose credential-stealing malware that spreads autonomously across developer infrastructure. If the infected environment contains wallet keys, the malware will steal them as “secrets” like any other credential.

Related: Failed NPM exploit highlights looming threat to crypto security: Exec

Which crypto packages are affected?

Among all the affected packages, at least 10 were specifically related to the cryptocurrency industry, and nearly all were tied to the ENS, a human-readable address name service. Among the affected packages are ENS’s content-hash, with almost 36,000 weekly downloads, and 91 software packages depending on it, as well as address-encoder, with over 37,500 weekly downloads.

Other ENS packages affected include ensjs (over 30,000 weekly downloads), ens-validation (1,750 weekly downloads), ethereum-ens (12,650 weekly downloads), and ens-contracts (nearly 3,100 weekly downloads). A cryptocurrency-related package unrelated to ENS, called crypto-addr-codec, was also compromised, with almost 35,000 downloads.

Related: $27 million gone, no private keys exposed: How the BigONE hack happened

Popular non-crypto packages affected

Non-crypto-related packages affected include some offered by the corporate automation platform Zapier, including one with over 40,000 downloads per week and many not far behind. In a subsequent post, Eriksen pointed to other packages that were infected, some with nearly 70,000 weekly downloads, and to another package seeing well over 1.5 million weekly downloads.

“The scope of this new Shai Hulud attack is frankly massive; we’re still working through the queue to confirm it all,” Eriksen wrote on X.

“It’ll make the previous attack look like nothing.“

Researchers at cybersecurity firm Wiz claim to have “spotted over 25,000 affected repositories across ~350 unique users, 1,000 new repositories are being added consistently every 30 minutes in the last couple of hours.” The company recommends “immediate investigation and remediation” for any environment using npm.

Magazine: ‘Help! My robot vac is stealing my Bitcoin’: When smart devices attack



Source link

Tags: attackCodeCompromisesCryptoENSNPMsupplychain
ShareTweetShare
Previous Post

The irony of predicting markets: Nithin Kamath flags an expensive mistake traders can’t do without

Next Post

SEBI Unveils New Framework for Materiality of Related Party Transactions

Related Posts

edit post
Someone Stole M From BonkDAO Without Hacking Anything

Someone Stole $21M From BonkDAO Without Hacking Anything

by TheAdviserMagazine
July 7, 2026
0

An attacker has stolen $21.2 million from the BonkDAO treasury without hacking anything. He purchased BONK tokens for $4.4 million,...

edit post
BlackRock put 9M behind Bitcoin’s rebound but can it last?

BlackRock put $209M behind Bitcoin’s rebound but can it last?

by TheAdviserMagazine
July 7, 2026
0

U.S. spot Bitcoin ETFs turned positive again on July 6, and the clearest question for Bitcoin is whether BlackRock's IBIT...

edit post
Bitcoin Bottom Signal Last Seen at FTX Collapse Flashes as Saylor’s Strategy Dumps 3,588 BTC

Bitcoin Bottom Signal Last Seen at FTX Collapse Flashes as Saylor’s Strategy Dumps 3,588 BTC

by TheAdviserMagazine
July 7, 2026
0

Key TakeawaysCryptoquant said bitcoin’s realized P/L ratio hit -0.35, its lowest reading since December 2022 after FTX fell.The signal flashed...

edit post
bitFlyer USA expands to West Virginia, nears full US coverage

bitFlyer USA expands to West Virginia, nears full US coverage

by TheAdviserMagazine
July 7, 2026
0

bitFlyer USA has launched trading services in West Virginia, bringing the Japanese-owned crypto exchange closer to full coverage of the...

edit post
Trader Loses  Million From Malicious DEX incident

Trader Loses $2 Million From Malicious DEX incident

by TheAdviserMagazine
July 7, 2026
0

A trader who swapped $2.01 million worth of Ether on a decentralized exchange has been left with just $14,500 worth...

edit post
Payward Europe EMI License Highlights Kraken’s Regulated Fiat-Rail Expansion

Payward Europe EMI License Highlights Kraken’s Regulated Fiat-Rail Expansion

by TheAdviserMagazine
July 6, 2026
0

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure Payward Europe securing an electronic money institution...

Next Post
edit post
SEBI Unveils New Framework for Materiality of Related Party Transactions

SEBI Unveils New Framework for Materiality of Related Party Transactions

edit post
What Makes Charles River Laboratories (CRL) an Investment Bet?

What Makes Charles River Laboratories (CRL) an Investment Bet?

  • Trending
  • Comments
  • Latest
edit post
Mass Fraud in Massachusetts Committed by Illegal Immigrants Discovered

Mass Fraud in Massachusetts Committed by Illegal Immigrants Discovered

June 22, 2026
edit post
New York Seniors: 6 STAR Tax Relief Rules That Could Put a Bigger Check in Your Mailbox

New York Seniors: 6 STAR Tax Relief Rules That Could Put a Bigger Check in Your Mailbox

June 20, 2026
edit post
5 Pennsylvania Rebate Rules Seniors Should Check Before the Property Tax/Rent Deadline

5 Pennsylvania Rebate Rules Seniors Should Check Before the Property Tax/Rent Deadline

June 18, 2026
edit post
Retail giant exits U.S. fashion after multi-million-dollar scandal

Retail giant exits U.S. fashion after multi-million-dollar scandal

July 1, 2026
edit post
Florida Roads Become a Battleground for Illegal Immigration

Florida Roads Become a Battleground for Illegal Immigration

June 9, 2026
edit post
Same Portfolio. Same Retirement. A 10-Mile Move Costs One Couple ,000 A Year

Same Portfolio. Same Retirement. A 10-Mile Move Costs One Couple $10,000 A Year

June 27, 2026
edit post
25 Ways to Save Money on Groceries

25 Ways to Save Money on Groceries

0
edit post
The Company We Wish Existed

The Company We Wish Existed

0
edit post
Penguin Solutions Releases Q3 2026 Financial Results

Penguin Solutions Releases Q3 2026 Financial Results

0
edit post
SpaceX’s biggest bull sees valuation soaring above  trillion

SpaceX’s biggest bull sees valuation soaring above $10 trillion

0
edit post
Chainlink CCIP Integration Gives WEMIX A Safer Route For Cross-Chain Gaming Assets

Chainlink CCIP Integration Gives WEMIX A Safer Route For Cross-Chain Gaming Assets

0
edit post
11 Legit Ways to Make Money With Amazon — From Home or on the Road

11 Legit Ways to Make Money With Amazon — From Home or on the Road

0
edit post
SpaceX’s biggest bull sees valuation soaring above  trillion

SpaceX’s biggest bull sees valuation soaring above $10 trillion

July 7, 2026
edit post
68% of clients would switch advisors for one who offers estate planning

68% of clients would switch advisors for one who offers estate planning

July 7, 2026
edit post
Kalshi traders give low odds the U.S. takes a stake in OpenAI in 2026

Kalshi traders give low odds the U.S. takes a stake in OpenAI in 2026

July 7, 2026
edit post
The “Widow Penalty” Budget: Why Expenses Don’t Always Drop After One Spouse Dies

The “Widow Penalty” Budget: Why Expenses Don’t Always Drop After One Spouse Dies

July 7, 2026
edit post
Someone Stole M From BonkDAO Without Hacking Anything

Someone Stole $21M From BonkDAO Without Hacking Anything

July 7, 2026
edit post
Student Loan Forgiveness Scams Are Costing Borrowers Thousands

Student Loan Forgiveness Scams Are Costing Borrowers Thousands

July 7, 2026
The Adviser Magazine

The first and only national digital and print magazine that connects individuals, families, and businesses to Fee-Only financial advisers, accountants, attorneys and college guidance counselors.

CATEGORIES

  • 401k Plans
  • Business
  • College
  • Cryptocurrency
  • Economy
  • Estate Plans
  • Financial Planning
  • Investing
  • IRS & Taxes
  • Legal
  • Market Analysis
  • Markets
  • Medicare
  • Money
  • Personal Finance
  • Social Security
  • Startups
  • Stock Market
  • Trading

LATEST UPDATES

  • SpaceX’s biggest bull sees valuation soaring above $10 trillion
  • 68% of clients would switch advisors for one who offers estate planning
  • Kalshi traders give low odds the U.S. takes a stake in OpenAI in 2026
  • Our Great Privacy Policy
  • Terms of Use, Legal Notices & Disclosures
  • Contact us
  • About Us

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.