BlockBeats News, December 29: SlowMist Chief Security Officer 23pds issued a security alert warning that the latest variant of the NPM supply chain attack, "Shai-Hulud 3.0", has struck again. All projects and platforms are advised to be on high alert. Previously, the suspected Trust Wallet API key leak may have led to the Shai-Hulud 2.0 attack.
Shai-Hulud is a series of self-propagating, worm-like supply chain attacks targeting the NPM ecosystem, aiming to steal developer credentials, cloud keys, and environment secrets. The latest variant (referred to by the community as Shai-Hulud 3.0 or a new strain) was discovered by Aikido Security researcher Charlie Eriksen on December 28, 2025. Its spread is currently limited, and the variant may be in a testing phase.
