Coin info
Rank
Market Cap
Volume (24h)
Circulating Supply
Total Supply
Do you think the price will rise or fall?
Rise 40%
Fall 60%
Price perfomance
$0.00
0%
$∞
Range 24H
$∞
Depth of Market
Depth +2%
Depth -2%
Rise 40%
Fall 60%
$11.94
#163
$460,185,486
$93,488,175
37,959,512.78
100,000,000
Rank #163
$12.1
+2.52%
Rank #177
$0.1546
+1.41%
Rank #190
$0.2347
-7.71%
Rank #216
$0.1630
+0.29%
Rank #412
$0.005548
-13.39%
Rank #757
$0.009109
-40.75%
Rank #3124
$0.002485
-6.16%
Rank #3651
$0.007342
-2.42%
Rank #4022
$0.01005
+2.79%
Rank #15143
$0.003978
+0%
Rank #28081
$0.003141
-26.63%
Rank #28611
$0.9302
-2.83%
The Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. ENS’s job is to map human-readable names like ‘alice.eth’ to machine-readable identifiers such as Ethereum addresses, other cryptocurrency addresses, content hashes, and metadata. ENS also supports ‘reverse resolution’, making it possible to associate metadata such as canonical names or interface descriptions with Ethereum addresses. ENS has similar goals to DNS, the Internet’s Domain Name Service, but has significantly different architecture due to the capabilities and constraints provided by the Ethereum blockchain. Like DNS, ENS operates on a system of dot-separated hierarchical names called domains, with the owner of a domain having full control over subdomains. Top-level domains, like ‘.eth’ and ‘.test’, are owned by smart contracts called registrars, which specify rules governing the allocation of their subdomains. Anyone may, by following the rules imposed by these registrar contracts, obtain ownership of a domain for their own use. ENS also supports importing in DNS names already owned by the user for use on ENS. Because of the hierarchal nature of ENS, anyone who owns a domain at any level may configure subdomains - for themselves or others - as desired. For instance, if Alice owns 'alice.eth', she can create 'pay.alice.eth' and configure it as she wishes. ENS is deployed on the Ethereum main network and on several test networks. If you use a library such as the ensjs Javascript library, or an end-user application, it will automatically detect the network you are interacting with and use the ENS deployment on that network.
24 Nov 2025, 18:28
A massive JavaScript-based Node Package Manager (npm) supply-chain attack has infiltrated code libraries connected to the Ethereum Name Service (ENS) and hundreds of older software packages, with over 10 widely used across the crypto ecosystem, according to cybersecurity firm Aikido Security. Charlie Eriksen, a malware researcher at the security firm, disclosed that the supply-chain malware known as “Shai-Hulud: The Second Coming” has infected hundreds of packages and more than 25,000 GitHub repositories. According to the findings, threat actors have embedded this malicious code into over 490 npm packages with more than 132 million monthly downloads, including prominent ones from ENS , Zapier, AsyncAPI, Browserbase, and Postman. Shai-Hulud 2.0: A new wave of npm supply-chain attacks targeting major packages (Zapier, ENS, PostHog, Postman & more) is ongoing. Attackers inject malicious code into published versions, triggering during pre-install to gain code execution and exfiltrate environment vars,… — Charles Guillemet (@P3b7_) November 24, 2025 “If a developer installs one of these bad packages, the malware quietly runs during installation, before anything even finishes installing,” Eriksen said. How the Shai-Hulud Supply-Chain Malware Works As described by Akido security, the Shai-Hulud malware gains access to the developer’s machine or cloud environment during installation. It then deploys an automated tool called TruffleHog to scan for sensitive data, including passwords, API keys, cloud tokens, and GitHub or NPM credentials. Any discovered information is then uploaded to a public GitHub repository titled “Shai-Hulud: The Second Coming.” If the stolen credentials include access to code repositories or package registries, attackers can leverage them to breach additional accounts and distribute more malicious packages, allowing the attack to propagate further. Evolution from September’s Attack The initial Shai-Hulud breach occurred in early September, marking the largest npm attack on record at the time, with hackers stealing $50 million in cryptocurrency. Ledger hardware wallet noted that this first attack was followed by the Shai Hulud worm spreading autonomously a week later. However, the infiltration method for this second wave appears substantially different. The “Shai-Hulud: The Second Coming” first installs Bun via the file setup_bun.js , then uses it to execute bun_environment.js , which contains the actual malicious code. Source: Aikido Blog It creates randomly named repositories with stolen data rather than using hardcoded names, and can infect up to 100 npm packages compared to 20 in the previous attack. Self-Propagating Malware Exposes Blind Spot in NPM Packages Charles Guillemet, Chief Technology Officer at crypto hardware wallet Ledger, alerted the community that the malware also targets API keys, Git credentials, and CI/CD secrets, then quietly exfiltrates everything. “If you use affected packages: PLEASE check this carefully: consider your credentials and secrets compromised, audit your infrastructure, and rotate your credentials,” he cautioned. Ledger CTO warned to "AVOID ON-CHAIN TRANSACTIONS" after a JavaScript supply chain attack compromised NPM packages with over 1B downloads. #JavaScript #crypto https://t.co/JjT23tk8CG — Cryptonews.com (@cryptonews) September 8, 2025 He urged that anyone without close CI monitoring might consider shutting down their systems. Florian Roth, Head of Research at Nextron Systems, also added that it’s becoming increasingly easy for threat actors to inject malware into sensitive systems due to blind spots in NPM packages. According to his assessment , the industry previously fought malware at the OS level, but now the same behavior occurs one layer up, inside the software ecosystems people trust every day. We used to fight worms on the OS level. Slammer, Blaster, Conficker.. all that stuff Now we get the same behaviour one layer up – inside the software ecosystems we trust every day NPM tokens, transitive deps, weak account hygiene, zero visibility… and suddenly a… pic.twitter.com/6aSNEL4c32 — Florian Roth (@cyb3rops) November 24, 2025 “NPM tokens, transitive deps, weak account hygiene, zero visibility… and suddenly a self-propagating worm runs through the supply chain like it’s 2003 again.” He concluded that the recent Shai Hulud breach reveals the real blind spot is in package ecosystems acting as execution surfaces. “Nobody monitors them, nobody hardens them, and attackers don’t even need an exploit to make them go wild,” he said. JP Richardson, CEO of Exodus, the first public company in the U.S. to tokenize stocks on the blockchain , also questioned Microsoft for making it “easy” for threat actors to propagate malware. In a November 24 post , Richardson said, “What I don’t understand [is] why Microsoft (npm owner) is not moving fast enough to detect these attacks.” He believes any package that has a pre-install or post-install script added should display warnings to everyone on the npm site and before package installation. The post Massive NPM Supply-Chain Attack Targets ENS-Linked Libraries in Shai Hulud Breach appeared first on Cryptonews .
24 Nov 2025, 12:23
The Shai Hulud malware has compromised over 400 NPM libraries, including at least 10 crypto-related packages mostly linked to Ethereum Name Service (ENS), in a major JavaScript supply-chain attack. This self-replicating threat steals credentials, potentially exposing wallet keys in developer environments, as identified by Aikido Security researcher Charlie Eriksen. Over 400 NPM packages infected: Includes [...]
24 Nov 2025, 12:14
A researcher warned that more than 400 NPM libraries — including at least 10 crypto packages, mostly tied to ENS — were compromised by the Shai Hulud malware.
22 Nov 2025, 15:28
The attack did not compromise the underlying smart contracts, but users are advised to avoid the compromised domains and instead use decentralized ENS domains.
