Supply Chain Attack Hits 400+ npm Libraries Including ENS
On Nov. 24, security teams detected a widespread npm supply chain attack compromising over 400 code libraries, including more than 40 @ensdomains packages. Malicious code injected between Nov. 21–23 targeted developer credentials on GitHub, npm and major cloud services. Affected Ethereum Name Service (ENS) libraries such as ethereum-ens, gate-evm-check-code2 and create-hardhat3-app executed malware automatically during standard installs. The payload steals passwords and access tokens, publishes them to public GitHub repos and installs hidden backdoors; if exfiltration fails, it wipes user files.
ENS Labs confirmed that user assets and domains remain secure. Teams have updated package versions, rotated credentials and urged developers to clear npm caches, delete node_modules folders and reset all keys. The incident echoes April’s xrpl.js backdoor attack and highlights growing risks in crypto infrastructure. npm supply chain attack prevention and tighter maintainer controls are now top priorities for blockchain developers.
Neutral
This incident poses minimal direct risk to trader holdings since user assets and ENS domains remain unaffected. However, the breach of developer credentials and widespread library compromise underscores infrastructure vulnerabilities. Short-term, traders may see minor hesitation around Ethereum ecosystem tooling, but no immediate sell-off is expected. Long-term, sustained focus on npm supply chain attack prevention and enhanced security practices could bolster confidence in development frameworks, stabilizing market sentiment.