SlowMist detects malicious supply chain attack targeting npm users and DeFi developers
SlowMist has identified a supply chain attack against npm packages. DeFi developers and their smart contract integrations sit inside the blast radius.
Caleb North·updated July 03, 2026

The vector
npm is the substrate of Web3 tooling. Hardhat, TypeScript SDKs, ethers.js, viem, deployment scripts, frontend bundles, indexers, MEV bots — all pull from the registry. A compromised package reaches the developer through the standard install path. No exotic precondition. No privilege escalation required. The payload executes at the point of trust, before any code review begins.
For smart contract teams, the exposure surface is the entire build pipeline. A poisoned dependency can mutate deploy scripts to redirect a create call. It can inject wallet-draining logic into a frontend bundle served to users post-deploy. It can exfiltrate private keys, RPC URLs, or .env material during local testing. State mutation before a contract reaches mainnet is sufficient damage.
The attack invalidates the assumption that audited code equals safe code. A standard review covers contracts a team wrote. The malicious logic lives in transitive dependencies the team never touched, never read, and never pinned. The invariant a developer must enforce: verify what executes, not what was written.
What SlowMist disclosed
The report flags an active campaign. The available summary names DeFi developers and their smart contract integrations as the primary targets. Specific package names, the full indicator-of-compromise list, and the infection timeline are not present in the public sources cited. Treat any disclosure from SlowMist's official channels as authoritative. Cross-reference any locally installed packages against SlowMist's IOCs once published.
Defensive checklist
- Pin every dependency. Audit the lockfile diff against the last known-good commit.
- Run
npm install --ignore-scriptsin CI where postinstall hooks are not required. - Verify package provenance: maintainer history, publish date, signature, and version-age delta.
- Isolate build environments. No production keys, no mainnet RPC URLs, no treasury addresses inside the install context.
- Scan dependencies with tools that surface known-malicious packages before merge.
- Re-image developer workstations that pulled from a confirmed-bad window.
- Rotate any key material that was present in an environment where the malicious package executed.
The npm registry remains an open trust surface. Until provenance is enforced at the protocol level, the only deterministic defense is local verification.