Close Menu
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
What's Hot

Canada Crypto Week Returns July 20–26, Celebrating the Future of Web3, Digital Assets and AI

July 19, 2026

TrustedVolumes attacker returns $2M, keeps another $2M as bounty

July 19, 2026

Here is why a massive $1.6 billion in crypto liquidity is sitting idle and wasting away

July 19, 2026
Facebook X (Twitter) Instagram
Recession Profit AlertsRecession Profit Alerts
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
Recession Profit AlertsRecession Profit Alerts
Home»Security»npm Finally Intervenes in ‘Mini Shai-Hulud’ Crisis, but Crypto Security Experts Call It Half-Measure
Security

npm Finally Intervenes in ‘Mini Shai-Hulud’ Crisis, but Crypto Security Experts Call It Half-Measure

May 22, 2026No Comments3 Mins Read

After a prolonged silence, the npm registry administration finally stepped into the situation surrounding the massive supply-chain attack and urgently revoked granular access tokens with write permissions that allowed attackers to bypass two-factor authentication.

These measures were introduced to suppress the fifth wave of the self-replicating “Mini Shai-Hulud” worm targeting Web3 developers, while the platform itself was forced to issue an emergency directive urging users to rotate secrets immediately and migrate to the Trusted Publishing mechanism.

Interestingly, npm’s official response triggered harsh criticism from cybersecurity industry leaders, who argue that the platform is treating symptoms instead of addressing the systemic infection itself.

Too little, too late?

MetaMask lead security researcher Taylor Monahan sarcastically commented on the platform’s actions, noting that the delayed response solves nothing and merely serves as official confirmation of the critical scale of the infrastructure crisis.

Security researcher Moshe Siman Tov Bustan also mocked the registry’s technical approach, pointing out that attempting to stop malware propagation by simply blocking access instead of properly analyzing the malware is fundamentally ineffective.

hey look who decided to finally wake up and do……….something. https://t.co/E2GTHA033s

— Tay 💖 (@tayvano_) May 20, 2026

The core criticism from researchers is that revoking tokens may prevent the publication of new malicious versions, but it is useless for developers whose AI assistants have already been infected. The “Mini Shai-Hulud” worm embeds itself deeply into IDE configurations, continuing to silently steal private keys even after access is blocked on the npm registry side.

For those who missed what this is actually about, the worm adapts itself to the habits of modern developers and turns their own tools against them.

  • AI in service of hackers: Once inside a machine, the malware does not simply steal data. It quietly embeds itself into the configuration of AI assistants and the IDE itself.
  • Immortal code: Every time an AI agent is launched, a hidden Bun-based script is triggered. Developers can repeatedly wipe projects and delete node_modules, but the worm will continue reinfecting the environment every time the AI assistant is queried.
  • Invisible espionage: The worm steals everything valuable, from AWS cloud credentials to crypto wallet seed phrases. The stolen data is encrypted and exfiltrated through GitHub’s official API. For security systems, the traffic appears indistinguishable from normal developer commits.
See also  How a Wallet Compromise Killed the Solana DeFi Aggregator

The current wave reached its peak after attackers compromised the legitimate npm account “atool”. In just 27 minutes, an automated script published 637 malicious versions across 323 unique packages, collectively reaching an estimated 16 million weekly downloads.

Source link

Call Crisis Crypto Experts Finally HalfMeasure Intervenes Mini npm Security ShaiHulud

Related Posts

Canada Crypto Week Returns July 20–26, Celebrating the Future of Web3, Digital Assets and AI

July 19, 2026

TrustedVolumes attacker returns $2M, keeps another $2M as bounty

July 19, 2026

Here is why a massive $1.6 billion in crypto liquidity is sitting idle and wasting away

July 19, 2026

Consensys unknowingly outsourced developer work to North Korean

July 19, 2026
Top Posts

Fantom Becoming Ghost Chain? Dramatic Multichain Hack Killed Whole Network

October 9, 2023

Stablecoin Fintech KAST Raises $80M Series A to Build Global Digital Dollar Payments Platform

March 11, 2026

PEPE Whale Purchases Billions of Tokens as PEPE’s Price Drops

November 3, 2023

Type above and press Enter to search. Press Esc to cancel.