The NPM supply chain is under threat again, with the latest attack variant "Shai-Hulud 3.0" surfacing. Security research teams have issued an emergency warning, indicating that this new malicious code poses potential risks to multiple projects and platforms.
According to security analysis, this variant inherits the attack logic from the previous Shai-Hulud 2.0, during which a well-known wallet API key leak was suspected. This continuously evolving supply chain attack method warrants high vigilance—it not only threatens individual projects but could also impact the security chain of the entire development ecosystem.
For development teams and trading platforms, current prevention priorities include: strictly auditing the source and update records of NPM dependencies, implementing code review mechanisms, and monitoring abnormal package update behaviors. Even seemingly minor supply chain changes could become entry points for hackers.
Security is not a one-time effort; only by remaining vigilant and updating protective strategies in a timely manner can one stay invincible in the complex Web3 ecosystem.
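One way to act on the prevention priorities listed above, as an added example that is not part of the original post: a Node.js script that audits a parsed `package-lock.json` (lockfileVersion 2 or 3) for dependencies resolved outside the public registry, entries without an integrity hash, and packages that run install-time scripts, and that diffs two lockfiles to produce an update record. The trusted registry URL is an assumption, and the package names, URLs and hashes in the sample data are constructed placeholders.

```javascript
// Added example, not from the original post. Input: parsed package-lock.json (lockfileVersion 2 or 3).
const TRUSTED_REGISTRY = "https://registry.npmjs.org/"; // assumption: the only trusted source

const pkgName = (path) => path.split("node_modules/").pop();
// Root project (""), workspace links and bundled deps carry no "resolved"/"integrity" of their own.
const isLocal = (path, e) => path === "" || e.link === true || e.inBundle === true;

// Static audit: where did each dependency come from, is it pinned by hash, does it run code on install?
function auditLockfile(lock, trusted = TRUSTED_REGISTRY) {
  const findings = [];
  for (const [path, e] of Object.entries(lock.packages || {})) {
    if (isLocal(path, e)) continue;
    const add = (issue, detail) => findings.push({ name: pkgName(path), version: e.version, issue, detail });
    if (!e.resolved || !e.resolved.startsWith(trusted)) add("untrusted-source", e.resolved || "(none)");
    if (!e.integrity) add("missing-integrity", "no hash to verify the tarball against");
    if (e.hasInstallScript) add("install-script", "lifecycle script runs at install time");
  }
  return findings;
}

// Update record: what changed between the lockfile on the main branch and the one under review.
function diffLockfiles(oldLock, newLock) {
  const before = oldLock.packages || {};
  const changes = [];
  for (const [path, e] of Object.entries(newLock.packages || {})) {
    if (isLocal(path, e)) continue;
    const prev = before[path];
    if (prev && prev.version === e.version && prev.integrity === e.integrity) continue;
    changes.push({
      name: pkgName(path), from: prev ? prev.version : null, to: e.version,
      // Same version but a different hash means the pinned artifact itself changed.
      hashChangedSameVersion: Boolean(prev && prev.version === e.version && prev.integrity !== e.integrity),
      gainedInstallScript: Boolean(e.hasInstallScript) && !(prev && prev.hasInstallScript),
    });
  }
  return changes;
}

// Constructed sample data: package names, URLs and hashes are placeholders.
const A = TRUSTED_REGISTRY + "constructed-pkg-a/-/constructed-pkg-a-";
const root = { name: "demo-app", version: "1.0.0" };
const oldLock = { lockfileVersion: 3, packages: { "": root,
  "node_modules/constructed-pkg-a": { version: "1.2.0", resolved: A + "1.2.0.tgz", integrity: "sha512-PLACEHOLDER-A1" } } };
const newLock = { lockfileVersion: 3, packages: { "": root,
  "node_modules/constructed-pkg-a": { version: "1.2.1", resolved: A + "1.2.1.tgz", integrity: "sha512-PLACEHOLDER-A2", hasInstallScript: true },
  "node_modules/constructed-pkg-b": { version: "0.0.1", resolved: "https://example.invalid/constructed-pkg-b-0.0.1.tgz" } } };

console.log(auditLockfile(newLock));
console.log(diffLockfiles(oldLock, newLock));
```

In a real pipeline the two inputs would be `JSON.parse` of the lockfile on the main branch and the one in the change under review, with any finding or unexpected change blocking the merge until a person has looked at it.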
Wallet APIs can be leaked, indicating that these hackers are serious. We small developers also need to stay alert.
Shai-Hulud has upgraded to 3.0, the version number is catching up with our products haha.
Code review mechanisms must be implemented, or one day we might get malware without even knowing.
This is the fate of the supply chain, there will never be a 100% secure moment.
If this continues, we'll have to scrutinize every npm package with a magnifying glass.
---
Really, is the supply chain so easy to be exposed? Feels like I’m patching vulnerabilities every day, so exhausting.
---
Wait, what kind of name is Shai-Hulud haha, sandworm? This hacker aesthetic is pretty outrageous.
---
I just want to ask, why haven’t those major exchanges been compromised yet? Or have they already been infected with trojans?
---
I have to manually audit the npm packages again, oh my god, when will this work end?
---
Supply chain attacks are hard to defend against, unless you don’t use open-source libraries.
---
Looks like I have to lock all dependencies and avoid any updates, just to be safe.
---
Ugh, if API keys can be leaked, then the entire ecosystem must have already fallen...
---
Every time they say strict audits, but who has the time? A project has hundreds of dependencies.
Haven't you learned enough from the wallet API incident? Major projects are still too casual when using npm packages.
---
The supply chain is truly hard to defend against; a small dependency package can drain the entire ecosystem.
---
I just want to ask how many projects are really auditing npm package sources. Honestly, most are just for show.
---
The Shai-Hulud series is getting more aggressive; it feels like hackers are more professional than developers.
---
Every time they say to be cautious, but next time they still get caught. That's just how this circle works.
---
The key leak hasn't been recovered yet? That’s so absurd.
---
Here we go again, supply chain attacks never end. It seems necessary to get into the security industry.
---
Web3 has never been truly secure, yet it remains invincible. It's funny.
---
Strict auditing sounds easy, but the actual cost can drive people crazy when doing it.
---
If there's a problem with the wallet, there's no need to install it; just give up.