
Introduction
In a striking escalation of supply chain threats, researchers at Amazon have uncovered a massive wave of over 150,000 malicious packages in the NPM registry. Unlike traditional malware attacks, this campaign exploited the reward mechanism of the tea.xyz protocol, a blockchain-based system designed to incentivize developers for open source contributions. By artificially inflating package metrics and leveraging self-replicating dependency chains, threat actors were able to extract financial rewards without deploying overtly malicious code. The incident highlights an emerging, subtler form of attack that poses serious risks to developers, organizations, and the integrity of the open source ecosystem.
The Attack
Amazon Inspector researchers first detected the suspicious packages after implementing a new detection rule on October 24 aimed at spotting unusual patterns in the NPM registry. Within days, AI-driven analysis flagged thousands of packages connected to tea.xyz. The investigation revealed a coordinated, self-replicating attack pattern.
Rather than embedding malware, the attackers created packages with no legitimate functionality, designed solely to manipulate tea.xyz’s reward system. These packages leveraged circular dependency chains in package.json files, ensuring that installing one package would automatically trigger the installation of many others, amplifying both installation activity and teaRank scores.
The scale of this campaign was unprecedented. More than 150,000 malicious packages were systematically generated and cataloged with MAL-IDs in collaboration with the Open Source Security Foundation (OpenSSF). Attackers exploited automated tooling to replicate packages, using predictable naming conventions, minimal code, and blockchain-linked tea.yaml configuration files to extract cryptocurrency rewards.
While no ransomware or data-stealing malware was found, the attack polluted the NPM registry, overshadowing legitimate packages and straining bandwidth, storage, and infrastructure resources. This scenario also raised dependency confusion risks, highlighting the hidden dangers even non-functional packages can pose.
Amazon researchers recommended using tools like Amazon Inspector to detect compromised packages, auditing existing NPM packages to remove low-quality or non-functional ones, and hardening supply chains through software bills of materials (SBOMs) and isolated CI/CD environments. With supply chain attacks on the rise, government agencies including CISA have issued guidance to mitigate these evolving threats.
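As an added illustration (not code from the article, Amazon Inspector, or tea.xyz), the following Node.js snippet audits a constructed set of package manifests for the two signals described above: dependency cycles wired through package.json and near-empty packages that ship a tea.yaml. The manifest summary shape (dependencies, shipped files, bytes of real code) and the 64-byte "near-empty" threshold are assumptions made for this example.

```javascript
// Constructed sample: each entry summarises one package's package.json
// dependencies, the files it ships, and how many bytes of real code it has.
const SAMPLE_PACKAGES = {
  // three near-empty packages that depend on each other in a ring
  "ring-a": { dependencies: { "ring-b": "^1.0.0" }, files: ["package.json", "tea.yaml"], codeBytes: 0 },
  "ring-b": { dependencies: { "ring-c": "^1.0.0" }, files: ["package.json", "tea.yaml"], codeBytes: 0 },
  "ring-c": { dependencies: { "ring-a": "^1.0.0" }, files: ["package.json", "tea.yaml", "index.js"], codeBytes: 12 },
  // an ordinary library with real code and no cycle
  "plain-lib": { dependencies: {}, files: ["package.json", "index.js", "README.md"], codeBytes: 2048 },
  // a legitimate project that opted into tea.xyz rewards but ships real code
  "honest-lib": { dependencies: { "plain-lib": "^1.0.0" }, files: ["package.json", "tea.yaml", "lib.js"], codeBytes: 9000 },
};

// Depth-first search over dependency edges; returns each cycle as an array of names.
function findDependencyCycles(manifests) {
  const cycles = [];
  const state = {}; // undefined = unvisited, 1 = on the DFS stack, 2 = finished
  const stack = [];
  function visit(name) {
    if (state[name] === 2) return;
    if (state[name] === 1) { cycles.push(stack.slice(stack.indexOf(name))); return; }
    state[name] = 1; stack.push(name);
    for (const dep of Object.keys((manifests[name] || {}).dependencies || {})) visit(dep);
    stack.pop(); state[name] = 2;
  }
  Object.keys(manifests).forEach(visit);
  return cycles;
}

// A tea.yaml with almost no code is the reward-only shape the campaign used.
// The 64-byte threshold is an assumption; tune it to your own registry mirror.
function isRewardOnlyPackage(meta, minCodeBytes = 64) {
  return meta.files.includes("tea.yaml") && meta.codeBytes < minCodeBytes;
}

// Combine both signals into findings a reviewer can act on.
function auditPackages(manifests) {
  const inCycle = new Set(findDependencyCycles(manifests).flat());
  const findings = [];
  for (const [name, meta] of Object.entries(manifests)) {
    const reasons = [];
    if (isRewardOnlyPackage(meta)) reasons.push("tea.yaml with near-empty code");
    if (inCycle.has(name)) reasons.push("member of a dependency cycle");
    if (reasons.length) findings.push({ name, reasons });
  }
  return findings;
}

console.log(JSON.stringify(auditPackages(SAMPLE_PACKAGES), null, 2));
```

Only the three ring packages are flagged; the project that uses tea.yaml alongside real code is left alone, which is the distinction an audit of existing dependencies needs to make.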
What Undercode Says:
This token farming incident marks a pivotal shift in how attackers exploit open source ecosystems. Unlike conventional malware that directly compromises systems, this campaign targets incentives and trust structures. By manipulating blockchain-based reward metrics, attackers created financial gain pathways that are far less visible but equally damaging to the software supply chain.
The coordinated nature of the dependency chains demonstrates a high level of sophistication. Instead of random package proliferation, each package was strategically interlinked to maximize replication and reward exploitation. This approach mirrors financial market manipulation tactics, where small, systematic actions yield disproportionate benefits over time.
From an organizational perspective, the attack underscores the need to rethink how software dependencies are evaluated. Traditional malware detection is insufficient when the threat does not involve destructive payloads. Security teams must adopt proactive auditing mechanisms to measure package quality, dependency integrity, and blockchain-linked configurations.
The attack also exposes structural vulnerabilities in open source reward systems like tea.xyz. While incentivization schemes aim to encourage contribution, they also create attack surfaces that can be gamed at scale. Future incentive-based systems may need built-in anomaly detection and replication pattern analysis to prevent exploitation.
On a broader scale, this event signals a new frontier for supply chain security. Even without malware, self-replicating, financially motivated attacks can disrupt ecosystems, waste resources, and degrade trust. Organizations must embrace layered defenses: automated package auditing, SBOM enforcement, and separation of CI/CD environments to limit the cascading effects of malicious package installations.
Moreover, this incident illustrates the growing interconnection between blockchain technologies and software supply chains. As financial incentives merge with development practices, threat actors can exploit these overlaps for tokenized rewards rather than conventional system compromise. It’s a wake-up call that cybersecurity must expand beyond traditional malware paradigms to include economic and incentive-based manipulations.
Supply chain resilience now hinges on both technical and economic vigilance. Continuous monitoring of package behaviors, dependency patterns, and blockchain interactions will become essential. Public-private partnerships, like Amazon’s collaboration with OpenSSF, are likely to become standard practice, as coordinated intelligence sharing is necessary to respond at scale.
Ultimately, the 150,000-package flood illustrates a shift from destructive attacks to strategic, high-volume exploitation. Security frameworks must evolve accordingly, blending software engineering rigor with blockchain-aware monitoring. The industry must recognize that even non-functional packages can be weaponized in subtle yet devastating ways.
Fact Checker Results
✅ Amazon Inspector researchers confirmed the presence of over 150,000 malicious packages targeting tea.xyz.
✅ The campaign exploited reward mechanisms without embedding traditional malware.
❌ No evidence suggests ransomware or data-stealing malware was part of this attack.
Prediction
📊 The intersection of open source ecosystems and blockchain incentives will likely attract further exploitation attempts. Future attacks may involve hybrid strategies, combining token farming with hidden payloads. Organizations that fail to adopt SBOMs, CI/CD isolation, and package integrity monitoring could face significant operational and financial risks. Automated detection rules and AI-powered auditing will become critical tools to prevent similar large-scale supply chain manipulations.
References:
Reported By: www.darkreading.com