JavaScript Supply Chain Attack Impacts Crypto Software Packages

A significant JavaScript supply chain attack has impacted hundreds of software packages, potentially compromising cryptocurrency ecosystems. According to research by Aikido Security, the ‘Shai Hulud’ malware is spreading through the npm library ecosystem and has affected at least ten widely used packages in the crypto space. These include notable packages like ENS content-hash, address-encoder and related services from the Ethereum Name Service (ENS). The attack also reaches a diverse range of software packages beyond cryptocurrency, with several notable examples from Zapier. Experts warn that the attack presents a significant threat because ‘Shai Hulud’ can steal credentials and spread autonomously across developer infrastructure. While investigations continue to assess the full impact, cybersecurity firm Wiz reports over 25,000 affected repositories in recent days.