Security Researchers Identify 150,000 Malicious npm Packages in Token Farming Scheme

Security researchers have identified a major supply chain attack on the npm registry involving more than 150,000 functionless packages tied to a coordinated token farming campaign. The packages, connected to the tea.xyz protocol, were created to generate and publish copies of themselves automatically in order to earn cryptocurrency rewards. Unlike traditional malware attacks, this scheme abuses a reward-based system by stealing TEA tokens, which are expected to gain significant value when the Tea Protocol launches its Mainnet and the tokens become tradeable. The incident has raised concerns about the security of open-source development ecosystems and the potential for cybercriminals to exploit reward systems for financial gain.

Amazon Inspector security researchers, using a new detection rule with AI assistance, first flagged the suspicious packages in late October. By November 12, the team had identified over 150,000 malicious packages across multiple accounts, all linked to a coordinated tea.xyz token farming campaign. The attack relied on self-replicating packages that automatically generated and published further packages, earning cryptocurrency rewards on the backs of legitimate open-source developers. The malicious packages included tea.yaml files that linked them to attacker-controlled blockchain wallet addresses. While TEA tokens currently have no value, experts suspect the threat actors are positioning themselves to receive real cryptocurrency tokens when the Tea Protocol launches its Mainnet.
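The two traits described above, a tea.yaml pointing at a wallet and no actual code, are what a defender can key on. The following is an added example, not code from the article or from Amazon's or Sonatype's tooling: it walks a directory of extracted npm packages, pulls wallet addresses out of any tea.yaml (assuming the tea.xyz format of a `codeOwners` list of EVM-style `0x` addresses), marks packages that ship no runnable source as functionless, and clusters the suspicious ones by wallet so that a single address owning many packages stands out. The sample packages it builds are constructed for the demonstration, and the wallet address is a placeholder.

```python
"""Flag npm packages that look like tea.xyz token-farming filler and cluster
them by the wallet their tea.yaml points at.  Added example; the heuristics
(tea.yaml present + no runnable source) are assumptions, not Amazon's rule."""
import json
import os
import re
import tempfile
from collections import defaultdict

# File types that count as "real" code shipping in the package.
SOURCE_EXT = {".js", ".mjs", ".cjs", ".ts", ".tsx", ".wasm", ".node"}
# Assumed tea.yaml convention: codeOwners entries are 0x-prefixed EVM addresses.
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")


def wallet_addresses(tea_yaml_text):
    """Return the distinct wallet addresses referenced in a tea.yaml body."""
    return sorted(set(ADDRESS_RE.findall(tea_yaml_text)))


def has_runnable_code(pkg_dir):
    """True if any file under the package looks like executable source."""
    for _root, _dirs, files in os.walk(pkg_dir):
        for name in files:
            if os.path.splitext(name)[1] in SOURCE_EXT:
                return True
    return False


def assess_package(pkg_dir):
    """Describe one extracted package: name, wallets, and whether it is filler."""
    addrs = []
    tea_path = os.path.join(pkg_dir, "tea.yaml")
    if os.path.isfile(tea_path):
        with open(tea_path, encoding="utf-8") as fh:
            addrs = wallet_addresses(fh.read())
    name = os.path.basename(pkg_dir)
    pkg_json = os.path.join(pkg_dir, "package.json")
    if os.path.isfile(pkg_json):
        with open(pkg_json, encoding="utf-8") as fh:
            name = json.load(fh).get("name", name)
    functionless = not has_runnable_code(pkg_dir)
    return {"name": name, "wallets": addrs, "functionless": functionless,
            # A wallet reference on a package with nothing to run is the signal.
            "suspicious": bool(addrs) and functionless}


def cluster_by_wallet(assessments):
    """Group suspicious packages by wallet: one address owning many packages
    is how a coordinated farming campaign shows up."""
    clusters = defaultdict(list)
    for a in assessments:
        if a["suspicious"]:
            for wallet in a["wallets"]:
                clusters[wallet].append(a["name"])
    return dict(clusters)


def scan_registry(root):
    """Assess every package directory directly under root."""
    return [assess_package(os.path.join(root, d)) for d in sorted(os.listdir(root))]


def build_sample_registry():
    """Constructed sample input: three filler packages sharing one placeholder
    wallet, plus one legitimate package with real code and no tea.yaml."""
    root = tempfile.mkdtemp(prefix="npm-sample-")
    wallet = "0x" + "ab" * 20  # placeholder, not a real address
    for i in range(3):
        d = os.path.join(root, f"filler-{i}")
        os.makedirs(d)
        with open(os.path.join(d, "package.json"), "w", encoding="utf-8") as fh:
            json.dump({"name": f"filler-{i}", "version": "1.0.0"}, fh)
        with open(os.path.join(d, "tea.yaml"), "w", encoding="utf-8") as fh:
            fh.write(f"version: 1.0.0\ncodeOwners:\n  - '{wallet}'\nquorum: 1\n")
    d = os.path.join(root, "real-lib")
    os.makedirs(d)
    with open(os.path.join(d, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "real-lib", "version": "2.1.0", "main": "index.js"}, fh)
    with open(os.path.join(d, "index.js"), "w", encoding="utf-8") as fh:
        fh.write("module.exports = () => 42;\n")
    return root


if __name__ == "__main__":
    results = scan_registry(build_sample_registry())
    for r in results:
        print(r)
    print(cluster_by_wallet(results))
```

In a real triage the input would be the unpacked tarballs from a registry mirror or a CI artifact cache, and the wallet clusters would be the pivot for bulk takedown requests rather than per-package review; the functionless check is deliberately strict (any source file clears it), so tune `SOURCE_EXT` to your own ecosystem before relying on it.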

In an interview on Friday, an executive at Sonatype, a software supply chain management provider, noted that the number of packages has now grown to 153,000. Sonatype's CTO, Brian Fox, expressed concern that the worm is still not under control. He stated that while this payload only steals tokens, other threat actors are paying attention, and it is possible that someone could use this rapidly replicating worm to deliver malware. Sonatype had previously reported on the campaign in April 2024, when it identified a mere 15,000 packages. At its current scale, Amazon researchers described it as ‘one of the largest package flooding incidents in open source registry history, and represents a defining moment in supply chain security.’