ENS Npm Packages Compromised in Supply Chain Cyberattack Affecting 400 Libraries
Ethereum Name Service ENS $11.53 24h volatility: 3.2% Market cap: $436.61 M Vol. 24h: $62.46 M software packages were compromised in a supply chain cyberattack affecting over 400 code libraries on npm, a platform where developers share and download software tools. ENS Labs said user assets and domain names appear unaffected.
The team detected that packages starting with @ensdomains were affected around 5:49 a.m. UTC on Nov. 24 and has since updated package versions while changing security credentials, according to ENS Labs. ENS-operated websites including app.ens.domains showed no signs of impact.
The attack also compromised packages from Zapier, PostHog, Postman and AsyncAPI, according to Aikido Security, which first detected the campaign on Nov. 24.
Crypto Packages Among Victims
Several blockchain development libraries were caught in the broad attack. Affected packages include gate-evm-check-code2 and evm-checkcode-cli used for smart contract bytecode verification, create-hardhat3-app for Ethereum ETH $2 935 24h volatility: 5.4% Market cap: $355.26 B Vol. 24h: $32.16 B project scaffolding, and coinmarketcap-api for price data integration.
Other crypto libraries affected include ethereum-ens and crypto-addr-codec, which handles cryptocurrency address encoding. Over 40 packages within the @ensdomains scope were compromised.
The incident echoes a backdoor discovered in XRP Ledger packages in April, where malicious code was injected into xrpl.js to steal private keys.
How the Attack Works
Malicious packages were uploaded to npm between Nov. 21-23. The malware propagates by compromising maintainer accounts and injecting code into their packages. It executes automatically when developers run standard installation commands.
The malware collects developer passwords and access tokens from GitHub, npm and major cloud services. It publishes stolen data to public GitHub repositories and creates hidden access points on infected machines for future attacks.
A GitHub search shows 26,300 repositories now contain stolen credentials, spread across roughly 350 compromised accounts. The number continues to grow as the attack remains active.
Koi Security researchers discovered an additional threat. If the malware cannot steal credentials or send data out, it erases all files in the user’s home directory.
Developer Response
ENS Labs stated that developers who have not installed ENS packages within 11 hours of the 5:49 a.m. UTC detection are likely unaffected. Those who installed during that window should delete their node_modules folders, clear npm cache and change all credentials.
The incident follows a series of crypto security breaches that have tested infrastructure projects this year. GitHub is actively removing attacker-created repositories, though new ones continue to appear.
nextThe post ENS Npm Packages Compromised in Supply Chain Cyberattack Affecting 400 Libraries appeared first on Coinspeaker.
You May Also Like
Doorbraak voor altcoins: SEC keurt Grayscale’s GDLC ETF goed
Fraudulent Token Scheme Smashed as Judge Delivers Crushing $3.34M Blow
