SlowMist Issues Alert on Shai-Hulud 3.0 NPM Supply Chain Attack

SlowMist warns of Shai-Hulud 3.0, a new NPM supply chain worm discovered by Aikido Security, targeting developer credentials and cloud keys amid links to prior Trust Wallet API breaches.

Summary

SlowMist’s CSO 23pds issued a security alert about Shai-Hulud 3.0, a newly detected NPM supply chain worm designed to steal developer credentials and cloud access keys. The threat was identified on December 28, 2025, by Aikido Security’s Charlie Eriksen, following a suspected Shai-Hulud 2.0 incident tied to Trust Wallet API key leaks. Current signs suggest the activity may be at an early or testing stage, and it highlights the risks to developers and cloud services.

Terms & Concepts
  • NPM supply chain attack: A malicious compromise of software packages in the Node Package Manager (NPM) ecosystem, potentially affecting projects that depend on them.
  • Cloud keys: Digital authentication tokens used to access and manage cloud computing services, often representing sensitive security credentials.
  • Shai-Hulud 3.0: A named version of a malicious campaign targeting NPM packages to steal developer credentials and secrets.