On August 26, 2025, the cryptocurrency and software development communities were rocked by one of the most sophisticated supply chain attacks in recent memory. Dubbed s1ngularity, the attack targeted the widely used Nx build system, publishing malicious versions to the npm registry that silently harvested cryptocurrency wallets, GitHub tokens, SSH keys, and cloud credentials from thousands of developers worldwide.
The attack’s timing was particularly devastating, coinciding with a period of heightened market volatility as Bitcoin traded near $111,800 and Ethereum hovered around $4,600. With developers actively managing crypto portfolios and project treasuries, the stolen wallet data represented potentially millions in at-risk digital assets.
The Exploit Mechanics
The attackers exploited a critical flaw in the Nx repository’s GitHub Actions workflow. The vulnerability stemmed from an unsanitized pull request title combined with the pull_request_target trigger, which granted elevated permissions through a GITHUB_TOKEN with read/write access. By submitting a malicious PR title, attackers achieved arbitrary command execution within the repository’s CI/CD pipeline.
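The injection class described here is easy to miss in review because the expression is expanded by the Actions runner before the shell starts, so quoting inside the script never sees the attacker's text. The following scanner is an added example (not Nx's workflow or any Nx tooling): it walks a workflow file, finds every `run:` step, and flags `${{ }}` expressions that pull attacker-controlled pull-request fields into the script. The two workflow texts are constructed to show the vulnerable shape and the documented fix, which is to pass the value through an `env:` variable and read it from the shell as `"$PR_TITLE"`. Parsing is line-based on purpose so the script has no dependency beyond the standard library.

```python
import re

# Fields an outside contributor controls through a PR, comment or issue event.
# When one of these reaches a `run:` line via ${{ }}, its text becomes part of
# the shell script before the shell starts, so in-script quoting cannot help.
ATTACKER_CONTROLLED = re.compile(
    r"^github\.(?:"
    r"event\.pull_request\.(?:title|body|head\.(?:ref|label|repo\.\S+))"
    r"|event\.(?:comment|review|review_comment|issue)\.(?:body|title)"
    r"|head_ref"
    r")$"
)
EXPRESSION = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")


def run_step_lines(workflow_text):
    """Yield (line_number, script_line) for every line of every `run:` step.

    Handles the inline form (`run: cmd`) and block scalars (`run: |`, `run: >`).
    Line numbers are 1-based so they can be quoted straight into a review.
    """
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        key_col, rest = len(m.group(1)), m.group(2).strip()
        if rest in ("|", "|-", "|+", ">", ">-", ">+"):
            # Block scalar: the body is every following line indented deeper
            # than the `run` key itself (blank lines are allowed inside it).
            j = i + 1
            while j < len(lines) and (
                not lines[j].strip()
                or len(lines[j]) - len(lines[j].lstrip()) > key_col
            ):
                yield j + 1, lines[j]
                j += 1
            i = j
        else:
            yield i + 1, rest
            i += 1


def audit_workflow(workflow_text):
    """Return findings as (line_number, expression, severity) tuples.

    Severity is "critical" when the workflow uses pull_request_target (the job
    then runs with a write-capable GITHUB_TOKEN and repository secrets) and
    "medium" for plain pull_request, where a fork's token is read-only but the
    script injection itself is still real.
    """
    privileged = re.search(r"\bpull_request_target\b", workflow_text) is not None
    findings = []
    for line_no, script_line in run_step_lines(workflow_text):
        for expr in EXPRESSION.findall(script_line):
            if ATTACKER_CONTROLLED.match(expr):
                findings.append((line_no, expr, "critical" if privileged else "medium"))
    return findings


# Constructed sample workflows (not the Nx repository's actual workflow).
VULNERABLE = """\
name: pr-title-check
on:
  pull_request_target:
    types: [opened, edited]
permissions:
  contents: write
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Validating: ${{ github.event.pull_request.title }}"
          ./scripts/lint-title.sh
"""

# Same job with the title routed through an environment variable: the runner
# still expands the expression, but only into the process environment, and the
# shell reads it as data via "$PR_TITLE" rather than as script text.
HARDENED = """\
name: pr-title-check
on:
  pull_request_target:
    types: [opened, edited]
permissions:
  contents: read
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Validating: $PR_TITLE"
          ./scripts/lint-title.sh
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(f"{label}: {audit_workflow(text) or 'no injection sinks found'}")
```

Run it over `.github/workflows/*.yml` in a repository (`audit_workflow(Path(p).read_text())`) and treat any critical finding as a blocker; the `privileged` check is a plain text search, so a commented-out `pull_request_target` will also raise severity, which errs on the safe side for a pre-merge gate.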
Once inside, the attackers published eight compromised versions of the Nx package: versions 20.9.0 through 20.12.0 and 21.5.0 through 21.8.0. Additional affected packages included @nrwl/nx, @nx/devkit, @nx/enterprise-cloud, @nx/eslint, @nx/js, @nx/key, @nx/node, and @nx/workspace.
Each compromised package contained a malicious telemetry.js file triggered via a post-install script. The payload executed exclusively on Linux and macOS systems, systematically searching for sensitive files including cryptocurrency wallets, keystores, .env files, and SSH keys. It also extracted active credentials by running gh auth token and reading .npmrc contents.
Perhaps most alarmingly, the malware weaponized AI command-line tools already installed on developer machines. By prompting tools like Claude, Gemini, and Q with dangerous flags such as --dangerously-skip-permissions and --yolo, the attack automated reconnaissance across hundreds of victim systems, using trusted AI assistants to exfiltrate filesystem contents.
The malware also attempted a lockout mechanism by appending sudo shutdown -h 0 to ~/.bashrc and ~/.zshrc, effectively causing system shutdowns on any new terminal session.
Affected Systems
The scale of the breach was staggering. Security researchers at Wiz documented over 1,000 valid GitHub tokens, dozens of valid cloud credentials and npm tokens, and approximately 20,000 additional files leaked. Stolen data was double- and triple-base64-encoded and uploaded to attacker-controlled GitHub repositories within victims’ own accounts, named s1ngularity-repository, s1ngularity-repository-0, or s1ngularity-repository-1.
In a devastating second phase beginning August 28, the attacker used previously compromised GitHub tokens to make victims’ private repositories public. Over 400 users and organizations were impacted, with more than 5,500 private repositories exposed to the public internet.
The malware ran both on individual developer machines, often through the Nx VSCode extension, and within build pipelines such as GitHub Actions, amplifying the blast radius significantly.
The Mitigation Strategy
GitHub responded on August 27 at 9:00 AM UTC by disabling all attacker-created repositories, but the exposure window of approximately eight hours was sufficient for data to be downloaded by the attacker and other malicious actors. The compromised npm packages were also removed from the registry.
Nx maintainers identified the root cause as a flawed GitHub Actions workflow and removed it from the master branch, though older branches retained the vulnerability. Organizations running Monsta FTP were also advised to update to version 2.11.3, which addressed a related RCE vulnerability discovered around the same date.
Lessons Learned
The s1ngularity attack reveals several critical security gaps that the crypto development community must address immediately. First, CI/CD pipeline security requires rigorous input sanitization, particularly when using pull_request_target triggers with write permissions. Second, post-install scripts in npm packages represent a persistent attack vector that demands greater scrutiny. Third, the weaponization of AI CLI tools introduces an entirely new threat surface that security teams must account for.
For cryptocurrency developers specifically, the attack underscores the importance of segregating development environments from wallet management. Hardware wallets, air-gapped key storage, and dedicated machines for signing transactions should be standard practice for anyone managing significant crypto assets.
User Action Required
If you or your organization used any affected Nx versions between August 26 and 29, 2025, take immediate action. Rotate all GitHub tokens, npm tokens, and SSH keys that were active during the exposure window. Check your GitHub repositories for any unfamiliar public repositories matching the s1ngularity naming pattern. Move all cryptocurrency assets from wallets that were accessible from compromised development machines to new, secure wallets. Audit your build pipelines for unauthorized changes and review all recent npm package installations for unexpected post-install scripts.
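The triage steps above (checking installed Nx versions, looking for install-time hooks, spotting the rc-file shutdown line from the payload description, and filtering repository names for the s1ngularity pattern) can be scripted. The block below is an added example, not a tool from the Nx project or from Wiz; the version set is the one enumerated in this write-up, the scoped packages are flagged by name only because the page gives no version ranges for them, and the manifests, rc text and repository list at the bottom are constructed samples so the script runs offline.

```python
import json
import re
from pathlib import Path

# nx versions enumerated above (20.9.0-20.12.0 and 21.5.0-21.8.0).
AFFECTED_NX_VERSIONS = {
    "20.9.0", "20.10.0", "20.11.0", "20.12.0",
    "21.5.0", "21.6.0", "21.7.0", "21.8.0",
}
# Packages named above as affected; no version ranges are given for the scoped
# ones, so they are only flagged when they carry an install-time hook.
AFFECTED_PACKAGE_NAMES = {
    "nx", "@nrwl/nx", "@nx/devkit", "@nx/enterprise-cloud", "@nx/eslint",
    "@nx/js", "@nx/key", "@nx/node", "@nx/workspace",
}
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# The persistence line described above (`sudo shutdown -h 0`), matched loosely
# so variations in spacing or the timeout argument are still caught.
SHUTDOWN_LINE = re.compile(r"\bshutdown\s+-h\b")
# Repository names the write-up says the loot was pushed to.
EXFIL_REPO = re.compile(r"^s1ngularity-repository(?:-\d+)?$")


def assess_package(pkg):
    """Return finding strings for one parsed package.json dict."""
    name, version = pkg.get("name", "?"), pkg.get("version", "?")
    findings = []
    if name == "nx" and version in AFFECTED_NX_VERSIONS:
        findings.append(f"{name}@{version}: version listed as compromised")
    scripts = pkg.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if cmd is None:
            continue
        tag = "KNOWN-AFFECTED NAME" if name in AFFECTED_PACKAGE_NAMES else "review"
        findings.append(f"{name}@{version}: {hook} hook runs {cmd!r} [{tag}]")
    return findings


def scan_node_modules(root):
    """Walk a node_modules tree and assess every package.json found."""
    findings = []
    for manifest in Path(root).rglob("package.json"):
        try:
            pkg = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip rather than abort the triage
        if isinstance(pkg, dict):
            findings.extend(assess_package(pkg))
    return findings


def rc_persistence_lines(rc_text):
    """1-based line numbers in a shell rc file that run a shutdown command."""
    return [n for n, line in enumerate(rc_text.splitlines(), 1)
            if SHUTDOWN_LINE.search(line) and not line.lstrip().startswith("#")]


def suspicious_repo_names(names):
    """Filter repository names (e.g. from `gh repo list --json name`)."""
    return [n for n in names if EXFIL_REPO.match(n)]


# Constructed samples so the script runs stand-alone; not real manifests/rc files.
SAMPLE_MALICIOUS_MANIFEST = {
    "name": "nx", "version": "21.5.0",
    "scripts": {"postinstall": "node telemetry.js"},
}
SAMPLE_CLEAN_MANIFEST = {"name": "left-pad", "version": "1.3.0",
                         "scripts": {"test": "tap test"}}
SAMPLE_ZSHRC = "export PATH=$HOME/bin:$PATH\nalias ll='ls -la'\nsudo shutdown -h 0\n"
SAMPLE_REPOS = ["my-app", "s1ngularity-repository", "s1ngularity-repository-1", "dotfiles"]

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: python triage.py <node_modules dir> <rc file>
        print(*scan_node_modules(sys.argv[1]), sep="\n")
        print("rc persistence lines:", rc_persistence_lines(Path(sys.argv[2]).read_text()))
    else:
        print(*assess_package(SAMPLE_MALICIOUS_MANIFEST), sep="\n")
        print("rc persistence lines:", rc_persistence_lines(SAMPLE_ZSHRC))
        print("suspicious repos:", suspicious_repo_names(SAMPLE_REPOS))
```

A clean scan is not proof of safety: if a compromised version was ever installed during the window, the credentials it could read have to be rotated regardless, and any `[review]` hook from an unfamiliar package deserves a look at what the referenced file actually does before the next `npm install` runs it again.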
Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always consult with qualified security professionals for incident response.
post-install telemetry script scanning for wallets and SSH keys. the attack surface is the build system not the smart contract
ci_paranoid: the pull_request_target trigger with unsanitized titles is a CI/CD 101 mistake. how does a project with that many dependents not have input validation on PR titles
pull_request_target is a known footgun. github even warns about it in their docs. no excuse for a project with that many users
build system as attack surface is underrated. everyone audits the smart contract, nobody checks what npm install actually runs
Mass adoption is happening incrementally — people just don’t notice
the pull_request_target trigger giving write access from an unsanitized PR title is a beginner mistake. nx is used by thousands of orgs and nobody caught this?
The pace of innovation in crypto continues to surprise me
Bear markets are for building — and builders are delivering
Education is still the biggest barrier to mainstream adoption