
Over 150,000 malicious packages recently submitted to the npm registry are tied to a large-scale cryptocurrency farming scheme, dwarfing previously known incidents and raising urgent concerns about the future of software supply chain security.
The campaign, uncovered by AWS researchers using rule-based and AI-assisted detection, was built to exploit the tea.xyz protocol, a blockchain-based platform that rewards open source developers with tokens. Unlike conventional malware campaigns, these packages contained no code designed to steal credentials or install backdoors. Instead, they gamed the token reward mechanism by publishing self-replicating, non-functional packages that clutter the registry and artificially inflate developer activity metrics.
The detection effort began on October 24, 2025, when Amazon researchers activated a new detection rule aimed at unusual publishing patterns in the npm registry. Within days, the system was flagging thousands of suspicious packages that shipped tea.yaml configuration files, the marker that ties a package to a tea.xyz wallet address. The packages shared consistent naming schemes, contained minimal or duplicated code, and were built to automatically declare dependencies on one another, producing chains of packages that reference only each other.
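The traits just listed (a tea.yaml file, templated names, stub code, and dependencies that point only at sibling packages) are each weak on their own: a legitimate project that opts into tea.xyz also ships a tea.yaml. What makes them useful is combining them into a cluster signal. The script below is an added example of that combination, written for this page; it is not Amazon's or OpenSSF's detection rule, and all manifests, names, maintainers and the MIN_CLUSTER threshold are constructed for the illustration.

```javascript
// Added example (not Amazon's or OpenSSF's rule): cluster npm package
// manifests that show the traits the article attributes to the campaign.
// Every manifest below is constructed sample data; names, versions and
// maintainers are made up. Shape: a trimmed `npm view <pkg> --json` record.
const SAMPLE_MANIFESTS = [
  { name: "lodash", version: "4.17.21", maintainer: "maint-a",
    files: ["package.json", "lodash.js", "README.md", "LICENSE"], dependencies: {} },
  { name: "express", version: "4.19.2", maintainer: "maint-b",
    files: ["package.json", "index.js", "lib/express.js", "README.md"],
    dependencies: { "body-parser": "1.20.2" } },
  // A genuine project that opted into tea.xyz: tea.yaml alone must not flag it.
  { name: "solo-dev-cli", version: "0.1.0", maintainer: "solo-dev",
    files: ["package.json", "src/cli.js", "src/lib.js", "tea.yaml", "README.md"],
    dependencies: { lodash: "4.17.21" } },
  // Templated names, tea.yaml, one stub file, dependencies only on each other.
  { name: "qwz-util-0017", version: "1.0.0", maintainer: "acct-017",
    files: ["package.json", "index.js", "tea.yaml"],
    dependencies: { "qwz-util-0018": "1.0.0", "qwz-util-0019": "1.0.0" } },
  { name: "qwz-util-0018", version: "1.0.0", maintainer: "acct-018",
    files: ["package.json", "index.js", "tea.yaml"],
    dependencies: { "qwz-util-0019": "1.0.0" } },
  { name: "qwz-util-0019", version: "1.0.0", maintainer: "acct-019",
    files: ["package.json", "index.js", "tea.yaml"],
    dependencies: { "qwz-util-0017": "1.0.0" } },
  // Same naming template but no tea.yaml: it earns no reward, so it is left alone.
  { name: "qwz-util-0020", version: "1.0.0", maintainer: "acct-020",
    files: ["package.json", "index.js"], dependencies: {} },
];

// Minimum number of tea.yaml-bearing packages sharing one name template before
// the template counts as a cluster. The value is an assumption for the example.
const MIN_CLUSTER = 3;
const BOILERPLATE_FILES = new Set(["package.json", "readme.md", "tea.yaml", "license"]);

// Collapse digit runs so "qwz-util-0017" and "qwz-util-0018" share a template.
function nameTemplate(name) {
  return name.replace(/\d+/g, "#");
}

function hasTeaYaml(manifest) {
  return manifest.files.some((f) => f.toLowerCase() === "tea.yaml");
}

// "Minimal code": at most one file beyond manifest, readme, license and tea.yaml.
function isMinimalCode(manifest) {
  const code = manifest.files.filter((f) => !BOILERPLATE_FILES.has(f.toLowerCase()));
  return code.length <= 1;
}

// Returns Map<packageName, reasons[]> for packages that deserve a human look.
function clusterSuspects(manifests, minCluster = MIN_CLUSTER) {
  const byName = new Map(manifests.map((m) => [m.name, m]));

  // Group only the tea.yaml-bearing packages by name template.
  const groups = new Map();
  for (const m of manifests) {
    if (!hasTeaYaml(m)) continue;
    const t = nameTemplate(m.name);
    if (!groups.has(t)) groups.set(t, []);
    groups.get(t).push(m.name);
  }

  const flagged = new Map();
  for (const [template, names] of groups) {
    if (names.length < minCluster) continue;
    const members = new Set(names);
    for (const name of names) {
      const m = byName.get(name);
      const deps = Object.keys(m.dependencies || {});
      const intra = deps.filter((d) => members.has(d)).length;
      const reasons = ["tea.yaml", `name-template:${template}`];
      if (isMinimalCode(m)) reasons.push("minimal-code");
      // Every declared dependency points back into the same cluster: the
      // self-referential dependency chain the article describes.
      if (deps.length > 0 && intra === deps.length) reasons.push("intra-cluster-deps");
      // Cluster membership alone is two signals; require at least a third.
      if (reasons.length >= 3) flagged.set(name, reasons);
    }
  }
  return flagged;
}

// Human-readable summary, one line per flagged package.
function report(manifests) {
  return [...clusterSuspects(manifests)].map(([n, r]) => `${n}: ${r.join(", ")}`);
}

console.log(report(SAMPLE_MANIFESTS).join("\n"));
```

Run it with `node cluster.js`; the three qwz-util packages come out flagged with all four reasons, while solo-dev-cli (tea.yaml but a one-off name and real code) and qwz-util-0020 (templated name but no tea.yaml) do not. In practice the manifests would come from `npm view` or registry change-feed data, and the maintainer field would be a further grouping key: many packages from one freshly created account is the same signal from a different angle.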
By November 7, the scale and structure of the campaign pointed to a coordinated effort rather than isolated abuse. Amazon’s team reached out to the Open Source Security Foundation (OpenSSF) the following day. Together, they began systematically reviewing and tagging the identified packages. The process concluded on November 12, revealing the staggering scope of the attack, with over 150,000 malicious packages linked to this automated scheme.
According to Amazon, the scheme’s goal was to exploit the tea.xyz reward model, which allocates cryptocurrency based on perceived package usefulness and contribution frequency. By simulating organic open source activity, attackers could farm tokens at scale, monetizing registry pollution without directly harming users through malicious code.
Although these packages were not designed to steal data or damage systems, they pose significant indirect risks, such as:
- Registry pollution that obscures legitimate projects and slows down dependency resolution.
- Infrastructure strain, consuming registry resources with automated spam.
- Supply chain ambiguity, introducing unnecessary dependencies that can confuse audits and CI/CD processes.
- A dangerous precedent, where any blockchain-based reward system may become a new attack surface.
The swift collaboration between Amazon and OpenSSF provided a model for industry response. Flagging malicious packages averaged just 30 minutes per package, allowing for near-real-time remediation and community-wide blocking. This rapid coordination helped mitigate the campaign’s impact and informed broader detection policy updates for the open source community.
Developers using npm are advised to audit project dependencies, pin package versions with a lockfile, and consider isolating CI/CD environments to limit exposure to dependency-related anomalies.
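The advice above is easy to state and easy to drift away from, so it helps to enforce it mechanically before `npm ci` runs. The script below is an added example for this page, not tooling from npm, Amazon or OpenSSF: it walks a package-lock.json in the lockfileVersion 2/3 "packages" layout and reports any dependency that is not pinned to an exact version with an integrity hash, that resolves from somewhere other than the expected registry, or that appears on a locally maintained denylist. The lockfile, the integrity values and the denylist are all constructed for the example; the denylist is not the list Amazon and OpenSSF tagged.

```javascript
// Added example (not npm's, Amazon's or OpenSSF's tooling): a pre-install gate
// over package-lock.json. All data below is constructed for the illustration.
const ALLOWED_REGISTRY = "https://registry.npmjs.org/";
// Names an organisation has decided to block, e.g. after a registry or OpenSSF
// tagging round. Constructed for the example.
const DENYLIST = new Set(["qwz-util-0017", "qwz-util-0018", "qwz-util-0019"]);
// Subresource-integrity syntax npm writes into `integrity` fields.
const INTEGRITY_RE = /^sha(256|384|512)-[A-Za-z0-9+/]+={0,2}$/;
// Placeholder digest (base64 of "constructed-for-example"), not a real tarball hash.
const FAKE_INTEGRITY = "sha512-Y29uc3RydWN0ZWQtZm9yLWV4YW1wbGU=";

const SAMPLE_LOCK = {
  name: "demo-app",
  version: "1.0.0",
  lockfileVersion: 3,
  requires: true,
  packages: {
    "": { name: "demo-app", version: "1.0.0",
          dependencies: { lodash: "4.17.21", "qwz-util-0017": "1.0.0", "left-pad": "1.3.0" } },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
      integrity: FAKE_INTEGRITY },
    "node_modules/qwz-util-0017": {
      version: "1.0.0",
      resolved: "https://registry.npmjs.org/qwz-util-0017/-/qwz-util-0017-1.0.0.tgz",
      integrity: FAKE_INTEGRITY },
    // Nested install: the name must be taken from the last node_modules segment.
    "node_modules/qwz-util-0017/node_modules/qwz-util-0018": {
      version: "1.0.0",
      resolved: "https://registry.npmjs.org/qwz-util-0018/-/qwz-util-0018-1.0.0.tgz",
      integrity: FAKE_INTEGRITY },
    // Pulled from an unexpected host and lacking an integrity hash.
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://mirror.example.internal/left-pad-1.3.0.tgz" },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

// Returns an array of { pkg, issue } findings; an empty array means the lock
// satisfies every check.
function auditLockfile(lock, denylist = DENYLIST, allowedRegistry = ALLOWED_REGISTRY) {
  const findings = [];
  if (!lock.packages) {
    findings.push({ pkg: "<root>", issue: "no `packages` map (lockfileVersion 1 or not a lockfile)" });
    return findings;
  }
  for (const [lockPath, entry] of Object.entries(lock.packages)) {
    if (lockPath === "" || entry.link) continue; // root project or workspace symlink
    const name = entry.name || packageNameFromPath(lockPath);
    if (denylist.has(name)) findings.push({ pkg: name, issue: "on denylist" });
    if (!entry.version) findings.push({ pkg: name, issue: "no exact version" });
    if (!entry.resolved) {
      findings.push({ pkg: name, issue: "no resolved URL" });
    } else if (!entry.resolved.startsWith(allowedRegistry)) {
      findings.push({ pkg: name, issue: `resolved outside allowed registry: ${entry.resolved}` });
    }
    if (!INTEGRITY_RE.test(entry.integrity || "")) {
      findings.push({ pkg: name, issue: "missing or malformed integrity hash" });
    }
  }
  return findings;
}

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

To use it on a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and fail the CI job when the array is non-empty; then install with `npm ci` rather than `npm install`, since only `npm ci` refuses to proceed when the lockfile and package.json disagree. The registry-origin check is what keeps a stray `--registry` flag or a poisoned mirror from silently changing where tarballs come from.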