Shai-Hulud Malware Compromises Over 600 npm Packages

Author: coinlineup

Source: coinlineup

2025/11/25 02:45

2 min read

MORE$0.0001544+12.45%

WALLET$0.00999-1.76%

CLOUD$0.03783-0.68%

For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

Shai-Hulud Malware Compromises Over 600 npm Packages

Key Takeaways:

Main event, leadership changes, market impact, financial shifts, or expert insights.
Attacks target developer credentials and cloud storage.
No direct protocol-level theft confirmed yet.

Over 600 npm packages experienced compromise by “Shai-Hulud,” a malware attack targeting developer credentials and wallet keys. Key projects, such as Zapier, ENS Domains, and Postman, were impacted, risking data theft and unauthorized financial access.

A malware attack known as Shai-Hulud has compromised over 600 npm packages, targeting developer credentials and wallet keys since November 21, 2025.

The Attack’s Impact

The malware attack, called Shai-Hulud, has breached more than 600 npm packages, affecting high-profile projects such as Zapier and AsyncAPI. Early detection by Aikido Security’s Charlie Eriksen revealed the exposure of credentials and secrets to GitHub.

Important players such as ENS Domains and Postman were also impacted, with Wiz Research Team documenting a propagation timeline. Attacks originated from compromised npm maintainer accounts, leveraging phishing but with unidentified authors.

Cloud services like AWS and crypto assets including ETH and BTC face risks of theft due to compromised credentials. Despite no confirmed protocol-level hacks, the attack impacts developer environments and cloud infrastructure significantly.

Financial and crypto markets face indirect threats with exposed secrets potentially leading to wallet drains. Severe impacts on developer infrastructure highlight the need for enhanced security measures.

Observations from previous attacks indicate self-replicating malware tactics, similar to historical npm phishing campaigns. Indirect exposure of private repositories could elevate risks of operational and financial disruption.

The Shai-Hulud malware creates significant challenges requiring immediate password rotations and security updates. Monitoring and evaluative controls are essential to prevent further damage in future supply chain occurrences.

Market Opportunity

Moonveil Price(MORE)

$0.0001544

$0.0001544$0.0001544

+5.60%

USD

Moonveil (MORE) Live Price Chart

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.