The $1.5 Billion Wake-Up Call: How Supply Chain Attacks Became Web3's Deadliest Threat in 2025
When security researchers released the final tally for 2025, the number that stopped everyone cold wasn't the record-breaking $3.35 billion in total Web3 losses — it was how that money was stolen. For the first time, software supply chain attacks claimed the top spot as the single most destructive attack vector, accounting for $1.45 billion in losses across just two incidents. Smart contracts, flash loans, oracle manipulation — the classic Web3 exploits — didn't come close. The battlefield has shifted, and most of the industry is still fighting the last war.
A Number That Changes Everything: $1.45 Billion from Two Attacks
CertiK's Hack3d 2025 Annual Security Report documents 630 security incidents resulting in $3.35 billion in losses — a 37% year-over-year increase. But the headline statistic obscures a structural shift: the average loss per incident surged to $5.32 million, up 66.6% from 2024. Attackers are not spraying and praying. They are picking high-value targets and exploiting the one vulnerability most protocols haven't audited — their software build infrastructure.
Supply chain attacks generated $1,450,914,902 in losses across just two incidents. That's 43% of all 2025 Web3 losses from attacks that never touched a single line of smart contract code. The Bybit hack alone — $1.44 billion drained from the world's third-largest exchange in under an hour — traces its root cause not to a Solidity vulnerability but to a malicious JavaScript file injected into a third-party wallet interface.
Anatomy of the Bybit Heist: When the Signing Interface Is the Weapon
On February 21, 2025, Bybit's cold wallet signed what appeared to be a routine internal transfer. The multi-signature approval process completed normally. The funds moved — to addresses controlled by North Korea's Lazarus Group. $1.5 billion in Ethereum, gone.
The technical breakdown, confirmed by NCC Group and TRM Labs, reveals the attack's elegance and horror in equal measure. Bybit used Safe{Wallet}, a widely deployed multisig platform, for cold wallet management. Weeks earlier, a Safe{Wallet} developer had fallen for a targeted social engineering attack. Their workstation was compromised and malicious JavaScript was injected into the Safe{Wallet} signer interface — but surgically, targeting only Bybit transactions. For every other user, the Safe interface functioned perfectly. Only when Bybit signers were approving a cold wallet transaction did the code silently redirect funds to Lazarus-controlled addresses.
The FBI officially attributed the attack to North Korea's TraderTraitor sub-unit on February 26, 2025. Within five weeks, the attackers had converted 86.29% of the stolen ETH to Bitcoin and laundered it through a web of decentralized exchanges, cross-chain bridges, and intermediary wallets. Elliptic's blockchain intelligence later tracked the laundering operation as one of the most sophisticated ever observed, moving through dozens of protocols at machine speed.
This is the defining case study of supply chain exploitation: the attacker never needed to break encryption, exploit a vulnerability in the vault, or compromise Bybit's own infrastructure. They compromised a dependency and waited.
The npm Ecosystem: 454,648 Malicious Packages in a Single Year
The Bybit attack was the apex event, but it did not exist in a vacuum. The npm ecosystem — the primary package registry for JavaScript, and the beating heart of virtually every Web3 frontend — faced an unprecedented assault in 2025.
Sonatype's 2026 retrospective found that 454,648 malicious npm packages were published in 2025 alone. Over 99% of all open source malware now targets npm, cementing it as the most heavily attacked open source registry in existence.
Several campaigns defined the year:
The @solana/web3.js Compromise (December 2024 — harbinger of 2025): A phishing attack on an npm organization member with publish access resulted in backdoored versions 1.95.6 and 1.95.7 of the @solana/web3.js library, used by thousands of Solana applications. The malicious code added a hidden addToQueue function that exfiltrated private keys through disguised Cloudflare headers. The poisoned versions were live for approximately five hours, draining over $190,000 from servers running JavaScript bots with exposed private keys. Solana's quick response limited the blast radius, but the incident previewed the attack pattern that would define 2025.
The Shai-Hulud Worm: A self-replicating npm worm named Shai-Hulud spread across the registry in a series of campaigns, compromising over 500 packages before full containment. The worm automated its own propagation — a compromised developer machine or CI pipeline would automatically publish poisoned downstream packages, turning build infrastructure into a replication vector. It specifically targeted cloud credentials and CI/CD secrets, with the goal of using stolen pipeline access to push further malicious code.
The September 2025 Mass Compromise: On September 8, 2025, attackers published malicious updates to 18 widely used npm packages simultaneously — including foundational libraries like debug, chalk, and ansi-styles. These 18 packages alone account for over 2.6 billion weekly downloads. The attack demonstrated that the most impactful supply chain compromises don't require targeting crypto-specific packages; poisoning general-purpose developer tooling achieves equivalent exposure across the entire ecosystem.
GitHub Actions: The CI/CD Attack Surface No One Was Watching
If npm represents the package-level vulnerability, GitHub Actions represents the pipeline-level one — and 2025 saw attackers pivot aggressively to the latter.
In March 2025, attackers compromised the tj-actions/changed-files GitHub Action, a widely used CI utility that detects file changes across pull requests. By retroactively modifying version tags to reference malicious commits, they poisoned builds in over 23,000 repositories simultaneously. The payload dumped the CI/CD runner's memory, exposing environment variables — API keys, signing credentials, deploy tokens — directly to workflow logs.
Dark Reading reported that supply chain attacks specifically targeting GitHub Actions increased substantially throughout 2025. Palo Alto's Unit 42 documented a concurrent Coinbase-targeted incident as part of the same campaign, suggesting that the tj-actions compromise was a targeted reconnaissance operation that accidentally became public.
Lazarus Group's Operation 99, documented in January 2025, illustrated the human-layer entry point: fake LinkedIn recruiters contacted Web3 developers with lucrative job offers, instructing candidates to clone a malicious GitLab repository as part of the "technical assessment." The repository contained malware designed to harvest development environment credentials, npm tokens, and private keys — turning the interview process itself into a supply chain attack vector.
Why This Beats Smart Contract Exploits: Attack Economics
The shift toward supply chain attacks follows straightforward economics. Smart contract auditing has matured. Formal verification tools, competitive audit markets, and the documented history of flash loan, reentrancy, and oracle attacks have made direct on-chain exploitation increasingly difficult and expensive for attackers.
Supply chain attacks offer a fundamentally different risk-reward ratio. A single compromised developer credential — obtainable through phishing, credential stuffing, or a fake job listing — can yield access to a package downloaded hundreds of millions of times per week. The attack is inherently scalable: one infection propagates across every downstream project before a single security scan runs.
The trust asymmetry is the core exploit. Developers and protocols verify smart contract code obsessively. The package.json dependency tree receives a fraction of that scrutiny. A package updated at 3 AM by a credential-compromised maintainer looks identical to a legitimate security patch until someone reads the diff.
The Defense Gap: Web3 Has No SBOM Standard
In traditional software security, the analogous reckoning happened earlier. SolarWinds (2020) and Log4j (2021) prompted the U.S. government to mandate Software Bills of Materials — structured inventories of every software component and dependency in a build — for critical infrastructure suppliers. CISA's SBOM frameworks, NIST's guidance, and executive orders created a compliance baseline that forced enterprises to map their dependency exposure.
Web3 has no equivalent standard. There is no SBOM mandate for protocol deployments, no equivalent of SLSA Level 3 certification for npm package publishers, no industry-wide requirement for reproducible builds or supply chain attestation.
Some defensive responses are emerging. The Open Source Security Foundation (OpenSSF) has stabilized SLSA 1.0, SPDX 3, and Sigstore as vendor-neutral standards. Gartner projected that 60% of organizations building critical infrastructure software would mandate SBOMs by end of 2025. GitHub's Sigstore integration makes cryptographic commit signing accessible to mainstream developers. Research from Faith Forge Labs documents that SLSA Level 2 compliance is now achievable in weeks using standard tooling like cosign and Syft.
But adoption in Web3 remains nascent. Most protocol teams do not maintain SBOMs. Most DeFi frontends do not enforce Subresource Integrity checks on JavaScript bundles. Most multisig wallet interfaces do not sign and verify their deployment artifacts independently of their hosting infrastructure.
The Bybit attack demonstrated exactly what happens when that gap is exploited: a $1.44 billion loss from a JavaScript injection that no smart contract audit would have caught.
The 2026 Security Imperative: Infrastructure Is the New Attack Surface
For developers, protocol teams, and infrastructure providers, 2025's data points to a set of non-negotiable practices:
Dependency pinning and lockfile enforcement. Every package should be pinned to an exact, verified version. CI pipelines should run npm ci — which installs from lockfiles without floating updates — rather than npm install. Any dependency update should trigger a mandatory diff review.
Supply chain monitoring. Tools like Socket.dev, Phylum, and Snyk now provide real-time detection of malicious behavior patterns in newly published packages, including credential-stealing code, hidden network calls, and obfuscated payloads. Integrating these into CI pipelines creates a detection layer that runs before code ships.
Subresource Integrity for frontends. Any JavaScript loaded by a frontend interface that signs or approves wallet transactions should be verified via cryptographic hash. If a CDN or third-party asset is compromised, an SRI check will block execution.
Multi-party signing with air-gapped infrastructure. The Bybit attack worked because all signers were using the same compromised interface. Organizations managing significant treasuries should diversify their signing interfaces — at minimum using different machines, ideally air-gapped hardware signers that render a JavaScript injection inert.
Audit the build pipeline, not just the contracts. Protocol security reviews should expand scope to include CI/CD configurations, GitHub Actions permissions, npm publishing credentials, and the dependency trees of deployment tooling.
The hard truth from 2025 is that the perimeter has moved. Smart contracts are increasingly well-defended. The attack surface is now the infrastructure between developer commits and on-chain execution — the build systems, package registries, and interface layers that most security reviews still treat as trusted by default.
The Attacker's Next Move
The 454,648 malicious packages published in 2025 represent an automation-enabled assault. The Shai-Hulud worm demonstrated that supply chain malware can self-replicate without further attacker intervention. The convergence of AI-generated phishing content, automated package scanning for vulnerable maintainers, and the programmatic injection of malicious code into CI pipelines creates a threat model that scales faster than manual review can match.
Q1 2026 data from PeckShield and Hacken indicates that infrastructure attacks — targeting cloud credentials, API keys, and deployment pipelines — have continued to rise, even as headline hack totals fluctuate with market cycle and target availability. The pattern is structural, not cyclical.
2025's $3.35 billion security loss is a data point. The $1.45 billion that came from two supply chain attacks is a policy argument: the industry needs SBOM standards, reproducible build mandates, and mandatory supply chain auditing with the same urgency it once brought to smart contract security.
The next Bybit-scale event won't announce itself with an on-chain anomaly. It will begin with a phishing email, a compromised npm token, or a malicious GitHub Action — and it will be measured in the same billions.
BlockEden.xyz operates RPC infrastructure and API endpoints for Sui, Aptos, Ethereum, and 20+ chains. Our node infrastructure runs reproducible builds with pinned dependencies and continuous supply chain monitoring — the kind of security hygiene that 2025's $3.35B loss year made non-negotiable. Explore our API Marketplace to build on infrastructure with security fundamentals designed for the threat landscape ahead.