@ensdomains/ens-contracts
MAL-2025-190931
npmmalware11/24/2025
Description
Malicious code in @ensdomains/ens-contracts (npm)
Indicators of Compromise
SHA256 Hashes (4)
2100f4fc9df15bbad549cd2656566b0f67f3275bf872479bc35f08f7fef0414e
dee805b6610ec644c5edb2b73ca1d1da2119bb3280f182e716cfdd0aa31720fb
72f6ea6e4682d9b2805bca00d852932e7f800092c11403706f58ee165e5491ce
598c4f68de12f026b60f0b86c03119e5fee43b0ed120df71cd1bf9a31d33e4f6
References (4)
https://github.com/advisories/GHSA-58x9-4xmp-8mg5OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-58x9-4xmp-8mg5
Quick Actions