ENS Npm Packages Compromised in Supply Chain Cyberattack Affecting 400 Libraries
Ethereum Name Service ENS $11.53 24h volatility: 3.2% Market cap: $436.61 M Vol. 24h: $62.46 M software packages were compromised in a supply chain cyberattack affecting over 400 code libraries on npm, a platform where developers share and download software tools. ENS Labs said user assets and domain names appear unaffected.
The team detected that packages starting with @ensdomains were affected around 5:49 a.m. UTC on Nov. 24 and has since updated package versions while changing security credentials, according to ENS Labs. ENS-operated websites including app.ens.domains showed no signs of impact.
The attack also compromised packages from Zapier, PostHog, Postman and AsyncAPI, according to Aikido Security, which first detected the campaign on Nov. 24.
Crypto Packages Among Victims
Several blockchain development libraries were caught in the broad attack. Affected packages include gate-evm-check-code2 and evm-checkcode-cli used for smart contract bytecode verification, create-hardhat3-app for Ethereum ETH $2 935 24h volatility: 5.4% Market cap: $355.26 B Vol. 24h: $32.16 B project scaffolding, and coinmarketcap-api for price data integration.
Other crypto libraries affected include ethereum-ens and crypto-addr-codec, which handles cryptocurrency address encoding. Over 40 packages within the @ensdomains scope were compromised.
The incident echoes a backdoor discovered in XRP Ledger packages in April, where malicious code was injected into xrpl.js to steal private keys.
How the Attack Works
Malicious packages were uploaded to npm between Nov. 21-23. The malware propagates by compromising maintainer accounts and injecting code into their packages. It executes automatically when developers run standard installation commands.
The malware collects developer passwords and access tokens from GitHub, npm and major cloud services. It publishes stolen data to public GitHub repositories and creates hidden access points on infected machines for future attacks.
A GitHub search shows 26,300 repositories now contain stolen credentials, spread across roughly 350 compromised accounts. The number continues to grow as the attack remains active.
Koi Security researchers discovered an additional threat. If the malware cannot steal credentials or send data out, it erases all files in the user’s home directory.
Developer Response
ENS Labs stated that developers who have not installed ENS packages within 11 hours of the 5:49 a.m. UTC detection are likely unaffected. Those who installed during that window should delete their node_modules folders, clear npm cache and change all credentials.
The incident follows a series of crypto security breaches that have tested infrastructure projects this year. GitHub is actively removing attacker-created repositories, though new ones continue to appear.
nextThe post ENS Npm Packages Compromised in Supply Chain Cyberattack Affecting 400 Libraries appeared first on Coinspeaker.
You May Also Like
US Prosecutors Seek 12-Year Prison for Do Kwon Over Terra Collapse
Highlights: US prosecutors requested a 12-year prison sentence for Do Kwon after the Terra collapse. Terraform’s $40 billion downfall caused huge losses and sparked a long downturn in crypto markets. Do Kwon will face sentencing on December 11 and must give up $19 million in earnings. US prosecutors have asked a judge to give Do Kwon, Terraform Labs co-founder, a 12-year prison sentence for his role in the remarkable $40 billion collapse of the Terra and Luna tokens. The request also seeks to finalize taking away Kwon’s criminal earnings. The court filing came in New York’s Southern District on Thursday. This is about four months after Kwon admitted guilt on two charges: wire fraud and conspiracy to defraud. Prosecutors said Kwon caused more losses than Samuel Bankman-Fried, Alexander Mashinsky, and Karl Sebastian Greenwood combined. U.S. prosecutors have asked a New York federal judge to sentence Terraform Labs co-founder Do Kwon to 12 years in prison, calling his role in the 2022 TerraUSD collapse a “colossal” fraud that triggered broader crypto-market failures, including the downfall of FTX. Sentencing is… — Wu Blockchain (@WuBlockchain) December 5, 2025 Terraform Collapse Shakes Crypto Market Authorities explained that Terraform’s collapse affected the entire crypto market. They said it helped trigger what is now called the ‘Crypto Winter.’ The filing stressed that Kwon’s conduct harmed many investors and the broader crypto world. On Thursday, prosecutors said Kwon must give up just over $19 million. They added that they will not ask for any additional restitution. They said: “The cost and time associated with calculating each investor-victim’s loss, determining whether the victim has already been compensated through the pending bankruptcy, and then paying out a percentage of the victim’s losses, will delay payment and diminish the amount of money ultimately paid to victims.” Authorities will sentence Do Kwon on December 11. They charged him in March 2023 with multiple crimes, including securities fraud, market manipulation, money laundering, and wire fraud. All connections are tied to his role at Terraform. After Terra fell in 2022, authorities lost track of Kwon until they arrested him in Montenegro on unrelated charges and sent him to the U.S. Do Kwon’s Legal Case and Sentencing In April last year, a jury ruled that both Terraform and Kwon committed civil fraud. They found the company and its co-founder misled investors about how the business operated and its finances. Jay Clayton, U.S. Attorney for the Southern District of New York, submitted the sentencing request in November. TERRA STATEMENT: “We are very disappointed with the verdict, which we do not believe is supported by the evidence. We continue to maintain that the SEC does not have the legal authority to bring this case at all, and we are carefully weighing our options and next steps.” — Zack Guzmán (@zGuz) April 5, 2024 The news of Kwon’s sentencing caused Terraform’s token, LUNA, to jump over 40% in one day, from $0.07 to $0.10. Still, this rise remains small compared to its all-time high of more than $19, which the ecosystem reached before collapsing in May 2022. In a November court filing, Do Kwon’s lawyers asked for a maximum five-year sentence. They argued for a shorter term partly because he could face up to 40 years in prison in South Korea, where prosecutors are also pursuing a case against him. The legal team added that even if Kwon serves time in the U.S., he would not be released freely. He would be moved from prison to an immigration detention center and then sent to Seoul to face pretrial detention for his South Korea charges. eToro Platform Best Crypto Exchange Over 90 top cryptos to trade Regulated by top-tier entities User-friendly trading app 30+ million users 9.9 Visit eToro eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.
Golden Trump statue holding Bitcoin appears outside U.S. Capitol
