The Nomic Foundation, which develops the Ethereum development environment Hardhat, was the target of a supply chain attack in which malicious npm packages impersonated legitimate Hardhat plugins. Once installed, the packages harvested private keys and other sensitive data from Ethereum developers' environments and sent them to the attackers. The compromise of developer machines may also have allowed backdoors to be planted in production systems and cryptocurrency controlled by the stolen keys to be drained, although both outcomes are reported as possible rather than confirmed. With 20 identified malicious packages and more than a thousand downloads, the incident illustrates how readily lookalike packages enter the open-source ecosystem and underlines the need to audit dependencies before installing them.
Source: https://securityaffairs.com/172671/malware/malicious-npm-packages-target-ethereum-developers.html
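The auditing practice the summary calls for can be made concrete by checking a project's lockfile before anything is installed. The script below is an added example written for this page; it is not code from the Nomic Foundation, Hardhat, or the reporting source. It reads an npm package-lock.json (v2/v3 "packages" map) and flags entries whose names are within a small edit distance of a known-good Hardhat plugin (typical of scope or name typosquats), entries named like Hardhat plugins that are not on the allowlist, entries that declare an install script, and entries resolved from somewhere other than the public registry. The allowlist, the lockfile, and the package names `@nomicfundation/hardhat-toolbox` and `hardhat-deploy-helpers` are constructed for illustration and do not refer to the packages named in the incident.

```javascript
// Added example: audit a package-lock.json for Hardhat-plugin lookalikes.
// Not code from the Nomic Foundation or Hardhat; SAMPLE_LOCK below is constructed.

// Allowlist of plugin names the project is expected to use (assumption: maintained by the team).
const KNOWN_GOOD = [
  "hardhat",
  "@nomicfoundation/hardhat-toolbox",
  "@nomicfoundation/hardhat-ethers",
  "@nomicfoundation/hardhat-verify",
  "@nomicfoundation/hardhat-chai-matchers",
  "@nomicfoundation/hardhat-network-helpers",
  "@nomicfoundation/hardhat-ignition",
];
const REGISTRY = "https://registry.npmjs.org/";

// Levenshtein distance with a single rolling row; small distances to a
// known-good name indicate a typosquat such as a misspelled scope.
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Lockfile keys look like "node_modules/@scope/name" or
// "node_modules/a/node_modules/b"; return the innermost package name.
function packageName(lockKey) {
  const idx = lockKey.lastIndexOf("node_modules/");
  return idx === -1 ? null : lockKey.slice(idx + "node_modules/".length);
}

// Returns one finding per suspicious package: { name, version, reasons[] }.
function auditLockfile(lock) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(key);
    if (!name) continue; // the "" root entry describes the project itself
    const reasons = [];
    if (!KNOWN_GOOD.includes(name)) {
      const near = KNOWN_GOOD.filter((g) => editDistance(name, g) <= 2);
      if (near.length) reasons.push(`lookalike of ${near.join(", ")}`);
      else if (/hardhat/i.test(name)) reasons.push("hardhat-named package not on allowlist");
    }
    if (entry.hasInstallScript) reasons.push("runs install script");
    if (entry.resolved && !entry.resolved.startsWith(REGISTRY)) {
      reasons.push(`non-registry source ${entry.resolved}`);
    }
    if (reasons.length) findings.push({ name, version: entry.version, reasons });
  }
  return findings;
}

// Constructed lockfile: two genuine plugins, one scope typosquat, one git-sourced package.
const SAMPLE_LOCK = {
  name: "my-dapp",
  lockfileVersion: 3,
  packages: {
    "": { name: "my-dapp" },
    "node_modules/hardhat": {
      version: "2.22.0",
      resolved: REGISTRY + "hardhat/-/hardhat-2.22.0.tgz",
    },
    "node_modules/@nomicfoundation/hardhat-toolbox": {
      version: "5.0.0",
      resolved: REGISTRY + "@nomicfoundation/hardhat-toolbox/-/hardhat-toolbox-5.0.0.tgz",
    },
    // constructed lookalike: scope misspelled ("nomicfundation"), ships an install script
    "node_modules/@nomicfundation/hardhat-toolbox": {
      version: "5.0.1",
      resolved: REGISTRY + "@nomicfundation/hardhat-toolbox/-/hardhat-toolbox-5.0.1.tgz",
      hasInstallScript: true,
    },
    // constructed: plausible plugin name, but fetched from a git URL instead of the registry
    "node_modules/hardhat-deploy-helpers": {
      version: "1.0.0",
      resolved: "git+ssh://git@github.com/example/hardhat-deploy-helpers.git#abc123",
    },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.name}@${f.version}: ${f.reasons.join("; ")}`);
}
```

Run the audit on the committed lockfile before `npm ci` rather than after, so that no lifecycle script of an unvetted package has executed yet; `npm ci --ignore-scripts` is a further guard while the findings are reviewed. A near-match finding is a prompt for a human to compare the package against the genuine one on the registry, not proof of malice, and the allowlist must be kept current as the project adopts new plugins.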
"id": "nom000010625",
"linkid": "nomic-foundation",
"type": "Breach",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"