The Shai-Hulud 2.0 self-replicating worm that hit the NPM registry in late November was responsible for the recent $8.5 million heist from cryptocurrency wallet Trust Wallet.
The theft came to light on December 25, when Trust Wallet announced that hackers targeted customers using version 2.68 of its Chrome browser extension.
In an incident post-mortem, the cryptocurrency wallet revealed that hackers published the malicious versions of the extension on December 24, and that all users who logged into their accounts between December 24 and 26 using the extension were affected.
“We have identified 2,520 wallet addresses that were affected by this incident and drained by the attackers, with approximately $8.5 million in assets impacted that can be associated with 17 wallet addresses controlled by the attacker,” Trust Wallet says.
The crypto wallet says it will reimburse all affected users, noting that wallet addresses not associated with Trust Wallet were also drained to the identified attacker addresses.
Trust Wallet says the Shai-Hulud supply chain attack targeting NPM users was the root cause of the heist.
Its developer GitHub secrets were leaked in the incident, giving the attackers access to its source code and to its Chrome Web Store API key.
The hackers prepared a malicious version of the Trust Wallet Chrome browser extension and used the leaked API key to publish it outside the standard release process.
The attackers registered a domain hosting malicious code that the extension would retrieve to collect users’ sensitive wallet data and allow the attackers to perform fraudulent transactions.
All Trust Wallet users are advised to update to version 2.69 of the Chrome extension as soon as possible.
One month of Shai-Hulud 2.0 infections
“Sha1-Hulud was an industry-wide software supply chain attack that affected companies across multiple sectors, including but not limited to crypto,” Trust Wallet says.
Shai-Hulud is a self-replicating worm that first targeted the NPM ecosystem in September 2025, to leak victims’ sensitive information to automatically created GitHub repositories.
The second iteration of the worm’s outbreak, dubbed Shai-Hulud 2.0 and Sha1-Hulud, occurred in late November.
Within days, more than 640 NPM packages were infected with the malware, which created more than 25,000 data-leaking repositories at its peak, on November 24.
Quick reaction from the industry resulted in the number of newly created repositories remaining at roughly 100-200 per day between November 25 and December 24, cybersecurity firm Wiz notes.
Full eradication was not possible mainly because the infected OpenVSX asyncapi-preview 1.0.1 extension was never automatically updated: no higher version existed to trigger the update. Infected private and cached packages also fueled the continued propagation.
However, after the AsyncAPI team published version 1.1.0 of their OpenVSX extension, the number of new repositories dropped to just a handful by December 29.
To date, Wiz has identified over 12,000 unique compromised machines and more than 29,000 repositories exposing victims’ data.
“One month post-incident, the cleanup is far from complete. While platform-specific tokens (npm/GitHub) have seen aggressive revocation, critical infrastructure and AI credentials remain exposed,” Wiz notes.
Shai-Hulud 3.0 emerges
To make matters worse, shortly after the infections dropped to a near halt, an updated variant of the worm emerged.
On December 28, Aikido discovered the new malware iteration inside the @vietmoney/react-big-calendar package, noting that a coding error might have prevented the worm from spreading en masse, as before.
Shai-Hulud 3.0, Upwind explains, contains the same core mechanism as its previous iterations: install-time logic that launches malicious code before the victims or automated scanners can intervene.
Once executed, the worm uses TruffleHog to scan the system for API tokens, credentials, and other secrets, and invokes the Bun runtime for Windows-based publishing workflows.
“Extracted secrets are written to disk and later exfiltrated to attacker-controlled infrastructure,” Upwind notes.
A major change from the previous iteration, however, is the removal of a “dead man's switch” that triggered a wiper if no GitHub or NPM tokens were found to abuse for data exfiltration.
Users of @vietmoney/react-big-calendar and any extensions known to have been injected with the Shai-Hulud worm are advised to remove the infected dependencies and rotate their credentials and keys as soon as possible.