npm Supply Chain Attack Shai-Hulud Infects 490 ENS Libraries
The npm supply chain attack known as Shai-Hulud 2.0 has compromised over 490 npm packages, including critical ENS libraries, affecting 132 million monthly downloads and more than 25,000 GitHub repositories. The malware installs a bun_environment.js script via Bun during pre-install, then deploys TruffleHog to scan for and exfiltrate passwords, API keys and wallet tokens to public repos. This npm supply chain attack wave expands September’s breach by randomizing repository names and infecting deeper dependency chains. Security researchers from Aikido Security, Ledger and Nextron Systems recommend auditing npm dependencies, rotating credentials and monitoring CI/CD pipelines. Although no immediate market impact has emerged, traders should be aware of potential risks to ENS and related tokens, and enforce robust security measures.
Neutral
This npm supply chain attack poses security threats by harvesting developer credentials and wallet tokens, potentially undermining confidence in ENS and related blockchain projects. In the short term, traders may face increased caution and volatility in ENS token positions due to heightened security concerns. However, with no observed immediate market movements and the likelihood that teams will implement stronger security measures, the long-term impact on ENS’s price appears limited. Overall, the event underscores persistent supply-chain vulnerabilities, suggesting a neutral effect on ENS token value.