Supply Chain Attack on a Popular Dev Tool Is Stealing Crypto, Keys, and Tokens
The NPM ecosystem has been struck by a new supply chain attack, this time targeting the Nx project, into whose repository several malicious package versions were uploaded late Tuesday evening.
According to researchers at Wiz, these packages contained malware designed to steal developers’ secrets — including GitHub and NPM tokens, SSH keys, and cryptocurrency wallet data.
In guidance published on GitHub, the Nx team confirmed that a successful compromise resulted in the stolen credentials being automatically published as new public repositories under the names of the affected users.
With Nx packages logging 24 million monthly downloads on NPM, the potential impact of this attack could have been enormous. “Given the popularity of the Nx ecosystem and the abuse of AI tools in this incident, it highlights the growing sophistication of supply chain attacks,” noted StepSecurity co-founder Ashish Kurmi, urging all developers who may have installed the compromised versions to act immediately.
Wiz further reported that repositories containing the stolen data remained publicly accessible for nearly eight hours before GitHub took them offline. How the attacker gained access to Nx’s NPM account remains unclear, though preliminary findings suggest that a publishing token was compromised. While all project maintainers had two-factor authentication enabled, it was not required for publishing new versions — authentication was enforced only through package signature verification.
Nx emphasized that its platform is used by over 70% of Fortune 500 companies, though it has not disclosed the number of directly affected users. Wiz told The Register that the leak included more than 1,000 active GitHub tokens, around 20,000 files, and dozens of cloud credentials and NPM tokens.
The incident timeline shows that malicious packages began appearing on NPM on August 26 at 22:32 UTC, with further uploads over the next two hours. By 02:58 UTC, NPM had been notified, and within an hour all compromised versions were removed.
Impacted users are advised to contact the Nx support team to determine what data may have been exposed.
Although NPM has faced many such incidents in the past, this attack has a unique and troubling characteristic. Kurmi revealed that, for the first time, attackers exploited locally installed generative AI CLI tools — such as Claude, Gemini, and Q — to bypass defenses. The malware coerced these utilities into scanning the local file system and writing sensitive file paths into /tmp/inventory.txt, effectively turning legitimate AI tools into accomplices.
Charlie Eriksen of Aikido confirmed this was the first time he had observed such a technique, warning it could foreshadow how adversaries adapt their methods in the future. Beyond harvesting data, the malicious packages also inserted shutdown commands into startup files, causing victims’ computers to power off upon login. “Ironically, this shutdown behavior may have helped expose the attack more quickly and limited its overall scope,” Eriksen observed.
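For teams triaging a developer machine, the two on-disk artefacts the article describes (the AI-generated path list in /tmp/inventory.txt and the shutdown command planted in shell startup files) can be checked with a short script. The following is an added example, not code from the article, Wiz, Aikido or the Nx project; the list of startup files, the shutdown-command pattern and the sensitive-path heuristics are assumptions, and the sample inputs are constructed.

```python
# Added triage helper (not from the article or the Nx project). It checks for the
# /tmp/inventory.txt path list and for shutdown commands in shell startup files.
import os
import re
from pathlib import Path

INVENTORY_PATH = "/tmp/inventory.txt"  # the path named in the article

# Shell startup files that run at login (assumed list; extend for your fleet).
STARTUP_FILES = ["~/.bashrc", "~/.zshrc", "~/.profile", "~/.bash_profile", "~/.zprofile"]

# A command at the start of a line that would power the host off when sourced.
# Lines beginning with '#' never match because the pattern requires the command word.
SHUTDOWN_RE = re.compile(r"^\s*(?:sudo\s+)?(?:shutdown|poweroff|halt|init\s+0)\b")

# Heuristic for the kinds of files the article says were targeted:
# SSH keys, NPM/GitHub tokens and wallet data (assumed patterns).
SENSITIVE_RE = re.compile(r"(?i)(\.ssh/|id_(?:rsa|ed25519)|\.npmrc|\.git-credentials|"
                          r"wallet|keystore|\.env$|\.pem$|\.key$)")

# Constructed sample inputs, not real artefacts, used to exercise the checks.
SAMPLE_BASHRC = "export PATH=$PATH:~/bin\n# shutdown handled elsewhere\nsudo shutdown -h now\n"
SAMPLE_INVENTORY = ("/home/dev/.ssh/id_ed25519\n/home/dev/.npmrc\n"
                    "/home/dev/notes.txt\n/home/dev/wallets/wallet.dat\n")

def find_shutdown_lines(contents: str) -> list[str]:
    """Return the lines of a startup file that would power the host off at login."""
    return [ln for ln in contents.splitlines() if SHUTDOWN_RE.match(ln)]

def classify_inventory(contents: str) -> dict[str, list[str]]:
    """Split an inventory listing into paths that look sensitive and everything else."""
    sensitive, other = [], []
    for path in filter(None, (p.strip() for p in contents.splitlines())):
        (sensitive if SENSITIVE_RE.search(path) else other).append(path)
    return {"sensitive": sensitive, "other": other}

def triage_host() -> dict:
    """Run both checks against the live host and return the findings."""
    findings = {"inventory": None, "shutdown": {}}
    if os.path.isfile(INVENTORY_PATH):
        findings["inventory"] = classify_inventory(Path(INVENTORY_PATH).read_text(errors="replace"))
    for name in STARTUP_FILES:
        p = Path(name).expanduser()
        if p.is_file():
            hits = find_shutdown_lines(p.read_text(errors="replace"))
            if hits:
                findings["shutdown"][str(p)] = hits
    return findings

if __name__ == "__main__":
    import json
    print(json.dumps(triage_host(), indent=2))
```

A non-empty `inventory` or `shutdown` result means the credentials listed in the article (GitHub and NPM tokens, SSH keys, cloud credentials) should be treated as exposed and rotated.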
He further stressed that the public exposure of stolen GitHub and NPM tokens significantly worsened the situation, since they immediately fell into the hands of additional threat actors. “There is a real risk this was only the first wave, with more incidents yet to come. We are continuing to monitor the situation closely,” he concluded.