The cryptocurrency development ecosystem faced an unprecedented supply chain crisis as the Nx “s1ngularity” attack unfolded across GitHub and npm, compromising over 1,079 developer systems and harvesting 2,349 credentials. With Bitcoin trading at $108,410 and Ethereum at $4,360 on August 29, 2025, the attack’s second phase saw attackers weaponizing stolen GitHub tokens to expose 82,901 additional secrets by making 10,767 private repositories public. The scale of this breach redefines what supply chain attacks look like in the crypto era.
The Exploit Mechanics
The attack began with malicious versions of the popular Nx build tool (versions 20.9.0 through 21.8.0) published on npm. Once installed, the compromised packages systematically scanned developer systems for high-value credentials, including GitHub OAuth tokens, npm authentication keys, SSH private keys, environment variable API keys, and even cryptocurrency wallet files. The malware specifically targeted configuration files and authentication tokens for AI CLI tools like Claude, Gemini, and Q, recognizing that these tools often require elevated permissions in development environments.
Harvested credentials underwent double-base64 encoding before exfiltration to over 1,400 public GitHub repositories, each named following a distinctive “s1ngularity-repository” pattern with a single “results.b64” file. This encoding scheme was designed to evade basic detection while preserving data integrity during the GitHub-based exfiltration process. According to GitGuardian’s analysis, over 1,100 of the stolen credentials remained valid at the time of discovery.
Affected Systems
Analysis of the exfiltrated data revealed that 85% of infected systems were running macOS, highlighting the attack’s particular impact on the developer community where Apple’s platform dominates. Perhaps most notably, 33% of compromised systems had at least one large language model client installed, confirming the attackers’ prescient focus on AI development tools as an emerging attack surface.
Of the 366 systems where LLM tools were specifically targeted, only 95 actually wrote the requested inventory files. Many LLM clients refused to comply with the malicious requests, with some explicitly stating they would not execute commands that appeared to be credential harvesting attempts. This unexpected defensive behavior from AI tools represents an unintentional but valuable security control in the modern development stack.
The attackers also implemented destructive payloads that modified users’ shell startup files (~/.bashrc and ~/.zshrc) with shutdown commands, causing systems to crash when new terminal sessions were opened. This sabotage component added a layer of disruption beyond the credential theft.
The Mitigation Strategy
GitGuardian released a free, open-source tool called S1ngularity Scanner to help developers scan local environments for files compromised in the attack. The company’s Good Samaritan Program sent 482 emails to affected developers. GitHub rapidly deleted the exfiltration repositories, though GitGuardian’s monitoring infrastructure confirmed that 1,346 such repositories existed at peak, even as only about ten remained publicly visible.
The second phase, which took place on August 28, 2025, saw attackers using valid GitHub tokens to rename and make private repositories public. This phase exposed secrets across thousands of projects that had no direct connection to the original Nx compromise, demonstrating how credential reuse creates cascading failures across the software supply chain.
Lessons Learned
The s1ngularity attack exposes several critical weaknesses in modern development practices. First, the concentration of secrets in developer environments — GitHub tokens, npm keys, SSH keys, and AI tool credentials all on a single machine — creates a single point of catastrophic failure. Second, the speed at which stolen credentials were weaponized (within 24 hours) shows that reactive response is insufficient. Third, the attack on AI CLI tools signals a new frontier in supply chain security, where the tools developers trust to write code become vectors for stealing the keys to that code.
The fact that 1,100 stolen credentials remained valid days after the attack was discovered underscores a persistent failure in credential rotation practices across the industry.
User Action Required
Developers who used Nx versions 20.9.0 through 21.8.0 between August 26-29, 2025 should immediately rotate all GitHub tokens, npm keys, SSH keys, and API credentials. Run the S1ngularity Scanner tool against local environments. Enable GitHub’s secret scanning alerts and review any recent changes to shell configuration files. Organizations should audit their dependency trees for compromised packages and implement pre-commit hooks that detect credential exposure before code reaches repositories.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making any financial decisions.
33% of compromised machines had LLM CLI tools with elevated permissions. claude and gemini tokens sitting in plaintext env files on dev machines. the AI tooling gold rush created a massive new attack surface
This s1ngularity attack is a massive wake-up call for the entire space. Hardcoding secrets in GitHub repos is such a rookie mistake, but seeing over 80k credentials exposed shows how deep the technical debt goes in these fast-moving “move fast and break things” projects. We really need better automated scanning tools integrated into every CI/CD pipeline if we want to survive these kinds of supply chain exploits.
dan 80K credentials exposed and 1100 still valid. the CI/CD pipeline is the attack surface now. not the smart contract, the build system
nx_burned_ the build system IS the attack surface now. 1079 systems compromised through npm packages that passed integrity checks because they were signed
pkg_integrity_ the build system being the attack surface means the entire npm trust model is broken. 1079 systems compromised through signed packages that passed CI checks
Another day, another massive security failure. It feels like every time we take one step forward, some “supply chain attack” takes us two steps back. How are we supposed to trust the “decentralized future” when the very tools developers use are this vulnerable? I’m definitely rotating my keys tonight and double-checking everything I’ve touched recently.
sarah rotating keys helps but the real fix is pinning dependencies and using lockfile integrity checks. npm install without verification is the vulnerability
lockfile integrity checks catch this but most teams skip verification in CI because it slows builds by 30 seconds. convenience over security, every single time
Wow, 82,901 secrets? That number is absolutely terrifying. I’m not a dev, but it’s crazy how one vulnerability can ripple through the whole ecosystem like that. Hopefully, the affected teams can rotate their credentials fast enough before things get even worse. Stay safe everyone and remember to never keep anything sensitive in plain text!
33% of compromised systems had LLM clients installed. AI coding tools with elevated permissions are the new attack vector. the s1ngularity naming wasnt accidental
33% of systems had LLM clients installed. AI coding tools with elevated permissions are the new attack vector nobody secured
33% had LLM clients and 1100 credentials still active months later. the cleanup cost for those teams must be astronomical. lockfile pinning should be default not optional
Olga the fact that 33% had LLM clients with elevated permissions tells you everything. AI coding tools are the new attack surface and nobody is securing them