Close Menu
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
What's Hot

CLARITY Act Delivers 3 Key Benefits for Developers, Investors, and Markets, Senator Says

July 19, 2026

Consensys unknowingly outsourced developer work to North Korean

July 19, 2026

Trump targets Brazil's payments system while dollar stablecoins are quietly overtaking country's payments

July 19, 2026
Facebook X (Twitter) Instagram
Recession Profit AlertsRecession Profit Alerts
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
Recession Profit AlertsRecession Profit Alerts
Home»Security»npm Finally Intervenes in ‘Mini Shai-Hulud’ Crisis, but Crypto Security Experts Call It Half-Measure
Security

npm Finally Intervenes in ‘Mini Shai-Hulud’ Crisis, but Crypto Security Experts Call It Half-Measure

May 22, 2026No Comments3 Mins Read

After a prolonged silence, the npm registry administration finally stepped into the situation surrounding the massive supply-chain attack and urgently revoked granular access tokens with write permissions that allowed attackers to bypass two-factor authentication.

These measures were introduced to suppress the fifth wave of the self-replicating “Mini Shai-Hulud” worm targeting Web3 developers, while the platform itself was forced to issue an emergency directive urging users to rotate secrets immediately and migrate to the Trusted Publishing mechanism.

Interestingly, npm’s official response triggered harsh criticism from cybersecurity industry leaders, who argue that the platform is treating symptoms instead of addressing the systemic infection itself.

Too little, too late?

MetaMask lead security researcher Taylor Monahan sarcastically commented on the platform’s actions, noting that the delayed response solves nothing and merely serves as official confirmation of the critical scale of the infrastructure crisis.

Security researcher Moshe Siman Tov Bustan also mocked the registry’s technical approach, pointing out that attempting to stop malware propagation by simply blocking access instead of properly analyzing the malware is fundamentally ineffective.

hey look who decided to finally wake up and do……….something. https://t.co/E2GTHA033s

— Tay 💖 (@tayvano_) May 20, 2026

The core criticism from researchers is that revoking tokens may prevent the publication of new malicious versions, but it is useless for developers whose AI assistants have already been infected. The “Mini Shai-Hulud” worm embeds itself deeply into IDE configurations, continuing to silently steal private keys even after access is blocked on the npm registry side.

For those who missed what this is actually about, the worm adapts itself to the habits of modern developers and turns their own tools against them.

  • AI in service of hackers: Once inside a machine, the malware does not simply steal data. It quietly embeds itself into the configuration of AI assistants and the IDE itself.
  • Immortal code: Every time an AI agent is launched, a hidden Bun-based script is triggered. Developers can repeatedly wipe projects and delete node_modules, but the worm will continue reinfecting the environment every time the AI assistant is queried.
  • Invisible espionage: The worm steals everything valuable, from AWS cloud credentials to crypto wallet seed phrases. The stolen data is encrypted and exfiltrated through GitHub’s official API. For security systems, the traffic appears indistinguishable from normal developer commits.
See also  crypto investment company disappears with $1.6 million

The current wave reached its peak after attackers compromised the legitimate npm account “atool”. In just 27 minutes, an automated script published 637 malicious versions across 323 unique packages, collectively reaching an estimated 16 million weekly downloads.

Source link

Call Crisis Crypto Experts Finally HalfMeasure Intervenes Mini npm Security ShaiHulud

Related Posts

Consensys unknowingly outsourced developer work to North Korean

July 19, 2026

Florida Man Charged in Video Game Malware Scheme That Stole Crypto

July 19, 2026

Protocol logic attacks grow as hackers shift from wallet exploits

July 18, 2026

Crypto executives say digital native generations may never need a bank account

July 18, 2026
Top Posts

Fake Wallet APP Downloads and Malicious Backdoors are Leading Causes of Crypto Loss: Bitrace

October 30, 2023

Bitcoin ETFs Extend Five-Day Streak With $180 Million Inflows

March 14, 2026

Crypto Clarity Act in spotlight for bad-actor provisions as Senate process grinds forward

June 4, 2026

Type above and press Enter to search. Press Esc to cancel.