Over 300 malicious npm packages have been used to infiltrate blockchain companies targeted by North Korean hackers. These attacks, leveraging over 50,000 downloads, pose a significant threat to the security of blockchain projects and developer trust. The Lazarus Group, a notorious North Korean cyber espionage group, is behind this campaign. They’ve deployed a sophisticated tactic that relies on fake personas and promises of technical jobs to entice developers to download these malicious packages. This attack highlights the growing risk in supply chain attacks within open-source development. While there hasn’t been direct financial loss reported yet, it’s critical for projects to be vigilant in addressing this threat. Developers are actively removing suspicious dependencies on GitHub and other platforms. The impact of this campaign on the blockchain industry is still unfolding but has spurred a call for stricter security measures within developer communities.