
npm Moves Against ‘Mini Shai-Hulud’ Worm as Crypto Security Experts Warn Threat Still Active


The npm registry has finally responded to the growing “Mini Shai-Hulud” malware crisis by revoking compromised developer access tokens and urging users to rotate secrets immediately. The move comes after a large-scale software supply-chain attack targeted Web3 developers through malicious npm packages, raising serious concerns across the cybersecurity and cryptocurrency industries.

According to security researchers, npm disabled granular access tokens with write permissions that attackers used to bypass two-factor authentication protections. The platform also advised developers to adopt the Trusted Publishing mechanism to reduce future risks. However, many cybersecurity experts argue the response arrived far too late and fails to address the deeper security problem.

MetaMask security researcher Taylor Monahan criticized npm’s actions, claiming the company is only acknowledging the scale of the incident rather than eliminating the underlying infection. Other experts, including Moshe Siman Tov Bustan, warned that blocking malicious package publishing alone does not remove malware already embedded inside developers’ machines.

The “Mini Shai-Hulud” worm reportedly targets modern AI-assisted coding environments. Once installed, the malware hides inside IDE configurations and AI assistant settings, allowing it to survive even after developers delete projects or reinstall dependencies. Each time an AI coding tool launches, hidden scripts reactivate the infection.

Researchers say the malware is designed to steal highly sensitive information, including AWS credentials, crypto wallet seed phrases, and private keys. Stolen data is encrypted and secretly transferred through GitHub’s API, making the activity appear like ordinary developer traffic and difficult for security systems to detect.

The latest attack escalated after hackers compromised the npm account “atool.” Within less than half an hour, attackers published 637 malicious package versions across 323 packages, potentially impacting nearly 16 million weekly downloads.

Security analysts now warn that developers working in blockchain, cryptocurrency, and Web3 sectors should immediately audit their environments, rotate credentials, and verify AI development tools for hidden persistence mechanisms.
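One way to run the persistence check described above, as an added example that is not code from the article or from the researchers it quotes. The article does not name the files involved, so the two locations audited here (VS Code tasks that run on folder open, and Claude Code hook commands) are assumptions chosen as representative auto-run features, and the sample tree is constructed.

```python
import json, os, tempfile

# Assumption: the article names no files. VS Code folder-open tasks and Claude Code
# hooks are real auto-run features, used here as representative places to look.
VSCODE = os.path.join(".vscode", "tasks.json")
CLAUDE = os.path.join(".claude", "settings.json")

def autorun_commands(path, doc):
    """Return the commands this config would run without an explicit user action."""
    found = []
    if path.endswith(VSCODE):
        for task in doc.get("tasks", []):
            if task.get("runOptions", {}).get("runOn") == "folderOpen":
                found.append(str(task.get("command", "")))
    else:
        for event, groups in doc.get("hooks", {}).items():
            for hook in (h for g in groups for h in g.get("hooks", [])):
                if hook.get("type") == "command":
                    found.append(f"{event}: {hook.get('command', '')}")
    return found

def audit(root):
    """List (path, command) per auto-run entry; unparseable files are flagged, not skipped."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if path.endswith((VSCODE, CLAUDE)):
                try:
                    with open(path, encoding="utf-8") as fh:
                        doc = json.load(fh)
                    findings += [(path, cmd) for cmd in autorun_commands(path, doc)]
                except (OSError, ValueError, AttributeError, TypeError):
                    findings.append((path, "UNPARSEABLE: review by hand"))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (not real malware artifacts)."""
    root, cmd = tempfile.mkdtemp(), "node .cache/sync.js"
    samples = {
        VSCODE: {"tasks": [{"command": "npm run build"},
                           {"command": cmd, "runOptions": {"runOn": "folderOpen"}}]},
        CLAUDE: {"hooks": {"SessionStart": [{"hooks": [{"type": "command", "command": cmd}]}]}},
    }
    for rel, doc in samples.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)))
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            json.dump(doc, fh)
    return [(os.path.relpath(p, root), c) for p, c in audit(root)]
```

Point `audit()` at a home directory or a projects folder and review every returned command against what the team configured on purpose; a `tasks.json` containing comments is reported as unparseable so that it gets read by hand.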

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>
