How Did an npm Attack Compromise Millions of Web3 Developers?

The digital supply chain is currently facing a crisis of trust, as evidenced by a sophisticated wave of npm-based attacks targeting the very heart of the Web3 and cloud engineering communities. To help us navigate these murky waters, we are joined by Dominic Jainy, an IT professional whose deep expertise in artificial intelligence, machine learning, and blockchain provides a unique lens through which to view these evolving threats. Throughout our conversation, we explore the mechanics of how over 2.7 million downloads of a single compromised package can turn into a silent epidemic of credential theft. We will delve into the ingenious, albeit malicious, use of blockchain transactions as exfiltration channels, the psychological impact of typosquatting on weary developers, and the critical defensive maneuvers—like script suppression and automated analysis—that are now mandatory for survival in the modern dev environment.

Many supply chain attacks leverage npm lifecycle scripts to execute code automatically during a standard installation. How do these hooks like preinstall and postinstall turn a routine developer task into a security nightmare?

The beauty and the terror of the npm ecosystem lie in its seamless automation, where a simple command triggers a cascade of events designed to make the developer’s life easier. When an attacker embeds malicious logic into preinstall or postinstall hooks, they are essentially turning the developer’s own workstation against them the moment they press “Enter.” In this recent campaign, we saw packages like ethers-jss and coinbase-wallet-utils use these scripts to bypass the need for any additional user interaction, immediately initiating reconnaissance the second the package archive was unpacked. It creates a visceral sense of violation for a developer to realize that while they were waiting for a progress bar to finish, a script was already scanning their environment variables and exfiltrating SSH keys. By the time the “Success” message appears on the terminal, the damage is already done, and the attacker has already moved on to the next phase of the operation.

The moralis-sdk package is a particularly chilling example of a “sleeper agent” in the software supply chain, having reached over 2.7 million downloads. What can you tell us about the timeline of its weaponization and how it managed to fly under the radar for so long?

The moralis-sdk case is a masterclass in patience and deception, starting its life as a perfectly clean, functional copy of the legitimate Moralis SDK in October 2025. By building a massive user base of over 2.7 million downloads while the code was benign, the attackers established a deep well of trust and ensured their package would be integrated into thousands of CI/CD pipelines and enterprise environments. The “poisoning” happened through a calculated update that introduced a heavily obfuscated postinstall.js file, which didn’t even activate immediately; instead, it used a YouTube page as a remote “dead drop” or activation switch. This sensory layer of complexity meant that security scanners looking for static malicious payloads would see nothing, while the attacker could remotely toggle the malware’s activation only when they were ready to harvest data. It is a haunting reminder that a package that was safe yesterday might be a weapon today, and the sheer volume of downloads provides a smokescreen that few organizations are equipped to pierce.

We often see attackers impersonating popular libraries, but this campaign took it a step further by creating “malicious wrappers.” How did packages like ethers-jss manipulate the fundamental functions of blockchain development to steal secrets?

Instead of just being a broken or empty package that steals data, ethers-jss functioned as a “man-in-the-middle” for the developer’s local code by wrapping around the legitimate ethers library. This allowed the malware to silently intercept the most sensitive operations in a Web3 developer’s workflow: the creation and recovery of digital wallets. As the developer programmatically generated a new wallet or entered a mnemonic phrase, the malicious wrapper captured those private keys and instantly funneled them to a server hosted on GitHub Codespaces. The campaign even included a specialized Python script, docker_hunter.py, which performed OSINT-style lookups on Docker Hub to find associated infrastructure, making the attack feel incredibly targeted and personal. It turns the very tools we use to build secure, decentralized systems into the instruments of our financial ruin, capturing the “keys to the kingdom” before they are even written to a disk.

One of the most innovative and perhaps ironic aspects of this campaign was the use of the blockchain itself to exfiltrate stolen data. Can you explain how the ethcompat cluster turned a victim’s own wallet into a data leak channel?

There is a certain dark poetry in using a victim’s own blockchain infrastructure to facilitate the theft of their assets, which is exactly what the ethcompat cluster achieved. These five packages didn’t just dump data to a standard web server; they used AES-256-GCM to encrypt the stolen credentials, ensuring that the data remained hidden from network-level inspection. Then, in a brilliant move of technical subversion, they embedded this encrypted data directly into Ethereum blockchain transactions sent to an attacker-controlled wallet. Because these transactions look like standard blockchain activity, they are incredibly difficult to distinguish from legitimate development testing or operations. It creates a situation where the exfiltration channel is as immutable and decentralized as the technology the developer is trying to build, making it nearly impossible to “shut down” the C2 infrastructure in the traditional sense.

Beyond standard C2 servers, this campaign utilized dynamic infrastructure through smart contracts and even social media triggers. How does this level of technical sophistication change the way we approach threat hunting?

The use of “living off the land” techniques, such as querying an Ethereum smart contract at address 0xa1b40044EBc2794f207D45143Bd82a1B86156c6b to find the current IP address of a command-and-control server, represents a paradigm shift in threat persistence. By not hard-coding a domain or IP, the attackers can rotate their backend infrastructure at will, simply by updating a value on the blockchain, which packages like ganach or solidty would then pick up dynamically. This strategy, combined with the YouTube-based remote activation switch, creates a moving target that traditional firewalls and blocklists simply cannot keep up with. As a threat hunter, you are no longer looking for a suspicious URL; you are looking for an npm package that is suddenly “interested” in the state of a specific smart contract or the metadata of a video. It requires us to monitor the behavior of our build processes with the same intensity that we monitor our production traffic, looking for these subtle, out-of-band communications.

When researchers deobfuscated the code, they found specific clues regarding the origin and motivation of the actors. What did those Russian-language comments and the random publisher names tell us about the people behind this operation?

The trail left behind in the deobfuscated code provides a fascinating, albeit brief, glimpse into the human element of this cybercrime operation. Finding Russian-language comments and variable names suggests that the developers behind these 11 suspicious packages are likely part of a financially motivated collective operating out of Eastern Europe. The use of randomly generated account names to publish the packages is a classic tradecraft move to avoid building a traceable “reputation” that could be linked back to previous failures. While no specific group has been officially named, the focus on stealing wallet phrases, SSH keys, and API tokens confirms that these are professionals who understand the high value of “developer secrets” in the modern economy. There is a cold, calculated efficiency in their work—they aren’t just looking for a quick score; they are building a scalable infrastructure to harvest the credentials that power the global cloud.

Given the “deceptively simple” nature of these infections, what are the most critical, actionable steps a development team should take right now to harden their workstations?

The first and most immediate defense is to break the cycle of automatic execution by running all installations with the npm install --ignore-scripts flag. This single command acts as a safety catch, preventing those preinstall and postinstall hooks from firing and giving the developer a chance to inspect the package before any code runs. Beyond that, organizations must move away from the “honor system” of dependency management and deploy robust Software Composition Analysis tools that can flag anomalies in download history or repository ownership. We must also cultivate a “zero-trust” mindset regarding local storage: private keys and seed phrases should never exist in plaintext on a workstation, and if any package like stelar-sdk or hardhat-deploy-utils is even suspected of being on a machine, every single credential must be rotated immediately. It is a grueling process, but in an era where a package can be weaponized with a single update, vigilance is the only currency that matters.

What is your forecast for the evolution of supply chain attacks in the Web3 space over the next few years?

I believe we are entering an era of “hyper-dynamic” malware where the distinction between a legitimate tool and a malicious payload will become almost invisible to the naked eye. We will likely see attackers using AI to generate thousands of convincing typosquatted packages—variations of solidty or ganach—that not only look real but also provide just enough functionality to remain undetected for months. The use of decentralized infrastructure for command-and-control will also mature, with attackers moving beyond simple smart contract lookups to using IPFS or other peer-to-peer protocols to hide their trails. For developers, this means the “wild west” days of blindly pulling dependencies from public registries are coming to a close; we are moving toward a future where every single line of third-party code will need to be cryptographically verified and sandboxed before it ever touches a production-adjacent environment. The cost of development is going up, but the cost of a breach—as we have seen with these millions of compromised downloads—is far higher.
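As an added illustration of the hardening advice in the interview (installing with --ignore-scripts and inspecting a package before any code runs), the Node.js script below lists installed packages that declare preinstall, install or postinstall hooks and flags the package names quoted in the interview. It is not code from the interview or from the researchers; the function names and the sample tree are constructed for illustration.

```javascript
// Added example: list installed packages that declare npm lifecycle hooks,
// i.e. the code that `npm install --ignore-scripts` would keep from running.
const fs = require("fs");
const os = require("os");
const path = require("path");

const HOOKS = ["preinstall", "install", "postinstall"];
// Package names quoted in the interview; a match means rotate credentials.
const NAMED_IN_INTERVIEW = new Set(["ethers-jss", "coinbase-wallet-utils",
  "moralis-sdk", "ganach", "solidty", "stelar-sdk", "hardhat-deploy-utils"]);

// Walk a node_modules directory, including @scope folders and nested trees.
// Symlinked entries are skipped (isDirectory() is false for them): no loops.
function auditNodeModules(dir, findings = []) {
  if (!fs.existsSync(dir)) return findings;
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
    const pkgDir = path.join(dir, entry.name);
    if (entry.name.startsWith("@")) { auditNodeModules(pkgDir, findings); continue; }
    let pkg = {};
    try {
      pkg = JSON.parse(fs.readFileSync(path.join(pkgDir, "package.json"), "utf8")) || {};
    } catch { /* missing or malformed manifest: no hooks to report here */ }
    const name = pkg.name || entry.name;
    const hooks = HOOKS.filter((h) => pkg.scripts && typeof pkg.scripts[h] === "string");
    const named = NAMED_IN_INTERVIEW.has(name);
    if (hooks.length || named) findings.push({ name, hooks, named });
    auditNodeModules(path.join(pkgDir, "node_modules"), findings);
  }
  return findings;
}

// Constructed sample tree so the example runs offline; everything except the
// package names taken from the interview is made up.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "nm-audit-"));
  const put = (rel, manifest) => {
    const d = path.join(root, "node_modules", rel);
    fs.mkdirSync(d, { recursive: true });
    fs.writeFileSync(path.join(d, "package.json"), JSON.stringify(manifest));
  };
  put("plain-lib", { name: "plain-lib", scripts: { test: "node test.js" } });
  put("ethers-jss", { name: "ethers-jss", scripts: { postinstall: "node postinstall.js" } });
  put("@acme/native", { name: "@acme/native", scripts: { install: "node build.js" } });
  put("plain-lib/node_modules/solidty", { name: "solidty" });
  return path.join(root, "node_modules");
}

const report = auditNodeModules(process.argv[2] || buildSampleTree());
for (const f of report) console.log(f.named ? "NAMED" : "HOOK ", f.name, f.hooks.join(","));
```

Pass the path to a real node_modules directory as the first argument to audit a project that was installed with scripts suppressed; a hook on its own is not malicious, it only marks the packages whose install-time code deserves a look.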
