Threat actors have compromised more than 30 npm packages maintained by Red Hat, affecting software components downloaded over 116,000 times per week, according to security researchers. The attackers are harvesting GitHub tokens, cloud credentials, SSH keys, and cryptocurrency wallet secrets from affected developers, with investigators already identifying over 300 GitHub repositories containing exfiltrated credentials as the campaign continues.
The attack leverages the trust developers place in widely used open-source libraries, allowing malicious code to propagate silently through routine dependency updates into downstream applications. This supply-chain vector poses acute risk to cryptocurrency infrastructure, including software wallets, blockchain nodes, decentralized finance protocols, and crypto exchange backends—all of which rely heavily on npm ecosystems and could inadvertently execute compromised dependencies during standard maintenance cycles.
Red Hat, one of the world's largest enterprise open-source software developers, has not yet issued a public advisory. The breach exemplifies a growing class of software supply-chain attacks: earlier this year, the Claude AI API was similarly exploited to infiltrate developer environments. Cryptocurrency projects and exchanges should immediately audit npm dependency trees and rotate any exposed credentials, particularly GitHub personal access tokens and cloud provider API keys.
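
One way to carry out the dependency-tree audit recommended above, as an added example that is not from the article or from Red Hat: it walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3) and reports entries that match a watchlist. The package names, versions and lockfile contents are constructed placeholders, since the article does not name the affected packages; replace them with identifiers from an advisory.

```javascript
// Added example: flag watchlisted packages in an npm lockfile (v2/v3 "packages" map).
// WATCHLIST and SAMPLE_LOCK are constructed placeholders, not indicators from the article.
const WATCHLIST = {
  "@example-scope/placeholder-lib": ["2.4.1", "2.4.2"],
  "placeholder-util": ["*"], // "*" = treat every version as suspect
};

const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "wallet-backend", version: "1.0.0" },
    "node_modules/express-like": { version: "4.0.0" },
    "node_modules/express-like/node_modules/placeholder-util": { version: "0.9.3" },
    "node_modules/@example-scope/placeholder-lib": { version: "2.4.1" },
    "node_modules/other/node_modules/@example-scope/placeholder-lib": { version: "2.3.0" },
  },
};

// The package name is whatever follows the last "node_modules/" segment,
// which also handles scoped names such as "@scope/name".
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

function auditLockfile(lock, watchlist) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    throw new Error("lockfile has no 'packages' map (lockfileVersion 1 is not handled)");
  }
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const name = nameFromPath(path);
    if (name === null || !Object.prototype.hasOwnProperty.call(watchlist, name)) continue;
    const bad = watchlist[name];
    if (bad.includes("*") || bad.includes(meta.version)) {
      // nested = installed under another package's node_modules, so it is
      // easy to miss when only the top-level package.json is reviewed.
      const nested = path.split("node_modules/").length - 1 > 1;
      findings.push({ name, version: meta.version, path, nested });
    }
  }
  return findings;
}

console.log(auditLockfile(SAMPLE_LOCK, WATCHLIST));
```

A top-level match can still be a hoisted transitive dependency, so every finding should be traced back to the package that requires it before credentials are rotated and the dependency is pinned or removed.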