quickswap-smart-order-router
MAL-2025-191410
npmmalware11/24/2025
Description
Malicious code in quickswap-smart-order-router (npm)
Indicators of Compromise
SHA256 Hashes (3)
17ca94a9d0c686ee8a7ce5aa7fcd79955127ffb50b7d9ee540a50387b32f6e83
a4aff6420932051b354473205fed4d1390b1345df79b39cb3bd030d67682bdab
65a1978f5a844fe2a4875f031a7498db4411fdf687fe752f1dbbcea7a6a31fba
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-fcpc-rxv5-qgj5OSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-fcpc-rxv5-qgj5
Quick Actions