The Nomic Foundation, which supports Hardhat, an Ethereum development tool, faced a supply chain attack via malicious npm packages designed to imitate legitimate plugins. These packages were used to steal critical information, such as private keys and sensitive data critical for Ethereum developers. The attack caused the compromise of development environments, potentially inserted backdoors into production systems, and possibly resulted in financial losses due to theft of cryptocurrency assets. With 20 identified malicious packages and over a thousand downloads, the incident reflects the vulnerabilities in the open-source development ecosystem and emphasizes the importance of diligent auditing practices.
Source: https://securityaffairs.com/172671/malware/malicious-npm-packages-target-ethereum-developers.html
TPRM report: https://scoringcyber.rankiteo.com/company/nomic-foundation
"id": "nom000010625",
"linkid": "nomic-foundation",
"type": "Breach",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Blockchain/Cryptocurrency',
'name': 'Nomic Foundation',
'type': 'Organization'}],
'attack_vector': 'Malicious npm packages',
'data_breach': {'data_exfiltration': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['private keys',
'sensitive data']},
'description': 'The Nomic Foundation, which supports Hardhat, an Ethereum '
'development tool, faced a supply chain attack via malicious '
'npm packages designed to imitate legitimate plugins. These '
'packages were used to steal critical information, such as '
'private keys and sensitive data critical for Ethereum '
'developers. The attack caused the compromise of development '
'environments, potentially inserted backdoors into production '
'systems, and possibly resulted in financial losses due to '
'theft of cryptocurrency assets. With 20 identified malicious '
'packages and over a thousand downloads, the incident reflects '
'the vulnerabilities in the open-source development ecosystem '
'and emphasizes the importance of diligent auditing practices.',
'impact': {'data_compromised': ['private keys', 'sensitive data'],
'systems_affected': ['development environments',
'production systems']},
'initial_access_broker': {'backdoors_established': True,
'entry_point': 'npm packages',
'high_value_targets': ['private keys',
'sensitive data']},
'lessons_learned': 'The incident reflects the vulnerabilities in the '
'open-source development ecosystem and emphasizes the '
'importance of diligent auditing practices.',
'motivation': 'Theft of cryptocurrency assets',
'post_incident_analysis': {'root_causes': 'Trust in open-source packages'},
'title': 'Supply Chain Attack on Nomic Foundation',
'type': 'Supply Chain Attack',
'vulnerability_exploited': 'Trust in open-source packages'}