Shai-Hulud Malware Compromises Over 600 npm Packages
- Main event, leadership changes, market impact, financial shifts, or expert insights.
- Attacks target developer credentials and cloud storage.
- No direct protocol-level theft confirmed yet.
Over 600 npm packages experienced compromise by “Shai-Hulud,” a malware attack targeting developer credentials and wallet keys. Key projects, such as Zapier, ENS Domains, and Postman, were impacted, risking data theft and unauthorized financial access.
A malware attack known as Shai-Hulud has compromised over 600 npm packages, targeting developer credentials and wallet keys since November 21, 2025.
The Attack’s Impact
The malware attack, called Shai-Hulud, has breached more than 600 npm packages, affecting high-profile projects such as Zapier and AsyncAPI. Early detection by Aikido Security’s Charlie Eriksen revealed the exposure of credentials and secrets to GitHub.
“Discovered the new Shai-Hulud campaign earlier today, 105 trojanized packages with indicators, now 492. Secrets are leaking to GitHub.” – Charlie Eriksen, Malware Researcher, Aikido Security ( Aikido Security )
Important players such as ENS Domains and Postman were also impacted, with Wiz Research Team documenting a propagation timeline. Attacks originated from compromised npm maintainer accounts, leveraging phishing but with unidentified authors.
Cloud services like AWS and crypto assets including ETH and BTC face risks of theft due to compromised credentials. Despite no confirmed protocol-level hacks , the attack impacts developer environments and cloud infrastructure significantly.
Financial and crypto markets face indirect threats with exposed secrets potentially leading to wallet drains. Severe impacts on developer infrastructure highlight the need for enhanced security measures.
Observations from previous attacks indicate self-replicating malware tactics, similar to historical npm phishing campaigns. Indirect exposure of private repositories could elevate risks of operational and financial disruption.
The Shai-Hulud malware creates significant challenges requiring immediate password rotations and security updates. Monitoring and evaluative controls are essential to prevent further damage in future supply chain occurrences.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Ethereum network sees 62% drop in fees: Is ETH price at risk?
SOL Price Forecast: Solana Enters a New Phase with Network Enhancements and Market Fluctuations
- Solana's 2025 upgrades (Firedancer, Alpenglow) enable 1M TPS and 5,200x cheaper transactions, boosting institutional adoption. - TVL rebounded to $8.8B with 32.7% QoQ growth, supported by Bitwise ETF and 7% staking yields attracting institutional capital. - Fed's December 2025 rate cut and QT cessation create favorable macro conditions, historically correlating with crypto gains. - Technical indicators (RSI 42.5, bullish MACD) suggest strategic entry above 200-day EMA ahead of December FOMC meeting. - In
Solana's Abrupt Price Swings and Institutional Reactions: Analyzing Core and Market Factors Behind the Decline and Reviewing Long-Term Value
- Solana (SOL) plummeted 14% in late 2025 due to weak on-chain metrics, 7.5% inflation, and waning memecoin demand. - Institutional investors maintained 1% SOL treasury holdings and $101.7M ETF inflows despite macro risks and $19B crypto liquidations. - Alpenglow/Firedancer upgrades (1M+ TPS, 150ms finality) and 50-80% lower validator costs aim to strengthen Solana's infrastructure resilience. - Regulatory uncertainties (SEC ETF reviews, MiCA) and delayed $2.9B inflation reduction plan (2029) persist as sy
The Impact of Institutional Funding on Education and Workforce Training in Renewable Energy
- Institutional investors are boosting renewable energy education and workforce programs to drive long-term economic resilience and sustainability. - Global investments hit $386B in H1 2025, with education initiatives bridging skill gaps and enabling equitable clean energy transitions. - Case studies like Morocco’s 38% renewable electricity and Portugal’s green skills programs highlight education’s role in job creation and sector growth. - Education and green finance synergies in RCEP and U.S. $265B 2024 i
Trending news
MoreCrypto prices
More
