- Main event, leadership changes, market impact, financial shifts, or expert insights.
- Attacks target developer credentials and cloud storage.
- No direct protocol-level theft confirmed yet.
Over 600 npm packages experienced compromise by โShai-Hulud,โ a malware attack targeting developer credentials and wallet keys. Key projects, such as Zapier, ENS Domains, and Postman, were impacted, risking data theft and unauthorized financial access.
A malware attack known as Shai-Hulud has compromised over 600 npm packages, targeting developer credentials and wallet keys since November 21, 2025.
The Attackโs Impact
The malware attack, called Shai-Hulud, has breached more than 600 npm packages, affecting high-profile projects such as Zapier and AsyncAPI. Early detection by Aikido Securityโs Charlie Eriksen revealed the exposure of credentials and secrets to GitHub.
โDiscovered the new Shai-Hulud campaign earlier today, 105 trojanized packages with indicators, now 492. Secrets are leaking to GitHub.โ โ Charlie Eriksen, Malware Researcher, Aikido Security (Aikido Security)
Important players such as ENS Domains and Postman were also impacted, with Wiz Research Team documenting a propagation timeline. Attacks originated from compromised npm maintainer accounts, leveraging phishing but with unidentified authors.
Cloud services like AWS and crypto assets including ETH and BTC face risks of theft due to compromised credentials. Despite no confirmed protocol-level hacks, the attack impacts developer environments and cloud infrastructure significantly.
Financial and crypto markets face indirect threats with exposed secrets potentially leading to wallet drains. Severe impacts on developer infrastructure highlight the need for enhanced security measures.
Observations from previous attacks indicate self-replicating malware tactics, similar to historical npm phishing campaigns. Indirect exposure of private repositories could elevate risks of operational and financial disruption.
The Shai-Hulud malware creates significant challenges requiring immediate password rotations and security updates. Monitoring and evaluative controls are essential to prevent further damage in future supply chain occurrences.
About the author
BitMart Leads in BTC Perpetual Liquidity Among Exchanges
BitMart leads BTC perpetual liquidity, enhancing trading conditions. Discover key takeaways and future implications.
Caroline Ellisonโs Federal Custody Release Set for 2026
Caroline Ellison, ex-Alameda CEO, released in 2026 after cooperating in FTX case.
BTC and ETH Spot ETFs Face Significant Net Outflows
Spot ETFs for BTC and ETH witness notable outflows, impacting market dynamics significantly.
Obyte Celebrates Ninth Anniversary with On-Chain Governance Launch
Obyte marks its ninth anniversary with on-chain governance, Obyte City expansion, and new DeFi tools for 2026, emphasizing decentralization.
Tether Freezes $3.3B, Outpacing Circleโs USDC Blacklists
Tether freezes $3.3 billion across 7,268 addresses from 2023-2025, surpassing Circle's $109 million freeze on 372 addresses.
Jay Yu Predicts Crypto Trends for 2026
Explore Jay Yu's 2026 cryptocurrency market forecasts, covering trends in digital assets, AI, and more.
Related
BitMart Leads in BTC Perpetual Liquidity Among Exchanges
BitMart leads BTC perpetual liquidity, enhancing trading conditions. Discover key takeaways and future implications.
Caroline Ellisonโs Federal Custody Release Set for 2026
Caroline Ellison, ex-Alameda CEO, released in 2026 after cooperating in FTX case.
BTC and ETH Spot ETFs Face Significant Net Outflows
Spot ETFs for BTC and ETH witness notable outflows, impacting market dynamics significantly.
Obyte Celebrates Ninth Anniversary with On-Chain Governance Launch
Obyte marks its ninth anniversary with on-chain governance, Obyte City expansion, and new DeFi tools for 2026, emphasizing decentralization.
Tether Freezes $3.3B, Outpacing Circleโs USDC Blacklists
Tether freezes $3.3 billion across 7,268 addresses from 2023-2025, surpassing Circle's $109 million freeze on 372 addresses.
Jay Yu Predicts Crypto Trends for 2026
Explore Jay Yu's 2026 cryptocurrency market forecasts, covering trends in digital assets, AI, and more.
