Breach cyber

Nomic Foundation

Jan 6, 2025 1 min read
Nomic Foundation

The Nomic Foundation, which supports Hardhat, an Ethereum development tool, faced a supply chain attack via malicious npm packages designed to imitate legitimate plugins. These packages were used to steal critical information, such as private keys and sensitive data critical for Ethereum developers. The attack caused the compromise of development environments, potentially inserted backdoors into production systems, and possibly resulted in financial losses due to theft of cryptocurrency assets. With 20 identified malicious packages and over a thousand downloads, the incident reflects the vulnerabilities in the open-source development ecosystem and emphasizes the importance of diligent auditing practices.

Source: https://securityaffairs.com/172671/malware/malicious-npm-packages-target-ethereum-developers.html

TPRM report: https://scoringcyber.rankiteo.com/company/nomic-foundation

"id": "nom000010625",
"linkid": "nomic-foundation",
"type": "Breach",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Blockchain/Cryptocurrency',
                        'name': 'Nomic Foundation',
                        'type': 'Organization'}],
 'attack_vector': 'Malicious npm packages',
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['private keys',
                                              'sensitive data']},
 'description': 'The Nomic Foundation, which supports Hardhat, an Ethereum '
                'development tool, faced a supply chain attack via malicious '
                'npm packages designed to imitate legitimate plugins. These '
                'packages were used to steal critical information, such as '
                'private keys and sensitive data critical for Ethereum '
                'developers. The attack caused the compromise of development '
                'environments, potentially inserted backdoors into production '
                'systems, and possibly resulted in financial losses due to '
                'theft of cryptocurrency assets. With 20 identified malicious '
                'packages and over a thousand downloads, the incident reflects '
                'the vulnerabilities in the open-source development ecosystem '
                'and emphasizes the importance of diligent auditing practices.',
 'impact': {'data_compromised': ['private keys', 'sensitive data'],
            'systems_affected': ['development environments',
                                 'production systems']},
 'initial_access_broker': {'backdoors_established': True,
                           'entry_point': 'npm packages',
                           'high_value_targets': ['private keys',
                                                  'sensitive data']},
 'lessons_learned': 'The incident reflects the vulnerabilities in the '
                    'open-source development ecosystem and emphasizes the '
                    'importance of diligent auditing practices.',
 'motivation': 'Theft of cryptocurrency assets',
 'post_incident_analysis': {'root_causes': 'Trust in open-source packages'},
 'title': 'Supply Chain Attack on Nomic Foundation',
 'type': 'Supply Chain Attack',
 'vulnerability_exploited': 'Trust in open-source packages'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.