🧵 A major supply chain attack just hit over 400 NPM packages, including critical crypto and ENS libraries! #CryptoSecurity

A worm style attack compromised more than 400 NPM packages, including essential tools used across the Ethereum ecosystem. These packages were modified to steal developer credentials and drain wallet keys. If you build anything on Ethereum or use open source crypto tools, this matters.

The attack spread automatically. Once a compromised package was installed, it attempted to exfiltrate SSH keys, NPM tokens, and any locally stored wallet keys. This is one of the largest supply chain attacks the crypto ecosystem has ever seen.

Some of the impacted packages were widely used ENS and Ethereum libraries. That means the blast radius was not just hobby projects. This targeted the infrastructure that developers rely on to keep apps secure.

This is a reminder that open source is powerful but vulnerable. Package managers like NPM are built on trust. When that trust breaks, everything downstream is exposed. Security is not just about smart contracts or wallets. It is every single tool in the pipeline.

For creators and crypto users: this is why decentralization matters. This is why we talk about sovereignty over your own keys, your own code, your own systems. Governments fear crypto because it gives people autonomy. Attacks like this show why protecting that autonomy is essential.