ShadowFeed Weekly #1 | Web3 Security Intelligence
June 5 — June 11, 2026
ShadowFeed is a real-time Web3 security intelligence service for developers and security researchers. This weekly is the free edition. Pro ($29/mo) includes daily briefings, real-time alerts, and IOC data feeds.
🔥 Top Stories This Week
1. IronWorm: One npm install Infected 57 Repositories
IronWorm deployed 36+ malicious npm packages targeting Web3 developers. After stealing 86 environment variables, it used exfiltrated GitHub Tokens to push backdoor commits across 57 repositories in 9 organizations — with commit messages disguised as "fix: resolve lint warnings", making them nearly impossible to detect in code review.
Why it matters: Traditional security tools (npm audit, Snyk, Socket) only check the installation phase. IronWorm's self-replication bypasses this entirely. Your repo might already be infected, and npm audit will never tell you.
2. Humanity Protocol Drained for $36M: 7 Private Keys on One Device
Attackers gained control through 7 signing keys stored on a single device, siphoning $36M. One of the largest single private key compromise events in H1 2026.
Why it matters: H1 2026 DeFi losses from private key leaks have exceeded $885M — and the trend is accelerating.
3. Microsoft Official Repos Compromised: 70+ Azure/AI Projects Affected
Attackers obtained write access to Microsoft's GitHub organization, modifying at least 70 Azure and AI development tool open-source projects. Full impact still being assessed.
📊 By the Numbers
| Metric | Value |
|---|---|
| Major security incidents | 7 |
| Supply chain attacks | 3 (IronWorm / TrapDoor / Megalodon) |
| APT campaigns | 2 (UNK_DeadDrop DPRK / Reaper Mac malware) |
| DeFi private key losses | $36M+ (this week) / $885M+ (H1 2026) |
| Newly leaked secrets | 28.65M (2025, +34% YoY) |
🔍 Trend Analysis: From "Point Attacks" to "Surface Attacks"
The simultaneous emergence of IronWorm, TrapDoor, and Megalodon this week is no coincidence. They target three layers of the developer trust chain:
- L1 Package Management (IronWorm/TrapDoor) → npm install / pip install as the entry point
- L2 Code Hosting (Megalodon) → GitHub Actions as the amplifier — 5,561 repos infected in 6 hours
- L3 AI-Assisted Coding (Claude Code Action) → AI Agents with unrestricted CI/CD access, triggered by anyone opening an Issue
Key insight: Attackers now understand that the Web3 developer trust chain extends from npm install through GitHub Actions to AI coding assistants — and each layer is less audited than the one before it.
My prediction: H2 2026 will see at least 3 supply chain incidents caused by AI coding assistant prompt injection. The fundamental tension between AI tool "usefulness" (requiring broad permissions) and "security" (requiring strict sandboxing) remains unresolved across all major products.
🛡️ Action Items for This Week
- Audit your repo commit history, not just your dependency list — your dependencies are a known attack surface; your commits are the unknown one:

```bash
git log --all --grep="resolve lint" --oneline
git log --all --grep="update workflow" --oneline
```
- Disable environment variable access in AI coding assistants — don't let AI Agents see your AWS keys:

```yaml
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # the AI Agent needs this one
  AWS_ACCESS_KEY_ID: ""                       # leave empty or use OIDC instead
```
- Stop using automerge — 30% of open-source projects use automerge, which is how Megalodon infected 5,561 repos in 6 hours. Review every PR manually, especially those modifying CI/CD configs.
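The two grep commands above only match on the message. A commit that says "resolve lint warnings" but also edits a CI workflow or a package manifest is the combination worth pulling up for manual review. The script below is an added example, not ShadowFeed's tooling: it parses the output of `git log --all --name-only --format='commit %H%nsubject %s'` and flags commits that use one of the cover phrases and touch a sensitive path. The sample log is constructed, and the sensitive-path list is an assumption to extend for your stack.

```python
import re

# Cover phrases taken from the newsletter's two grep commands.
DISGUISE_PATTERNS = [re.compile(p, re.I) for p in (r"resolve lint", r"update workflow")]
# Paths a "lint fix" has no business touching (assumed list; extend for your stack).
SENSITIVE_PATHS = (".github/workflows/", "package.json", ".npmrc", "pyproject.toml")


def parse_git_log(text):
    """Parse: git log --all --name-only --format='commit %H%nsubject %s' (two header lines, then paths)."""
    commits, current = [], None
    for line in text.splitlines():
        if line.startswith("commit "):
            current = {"sha": line[7:].strip(), "subject": "", "files": []}
            commits.append(current)
        elif current is None:
            continue  # ignore anything before the first record
        elif line.startswith("subject "):
            current["subject"] = line[8:].strip()
        elif line.strip():
            current["files"].append(line.strip())
    return commits


def flag_suspicious(commits):
    """Commits whose subject uses a cover phrase AND that modify a sensitive path."""
    flagged = []
    for c in commits:
        disguised = any(p.search(c["subject"]) for p in DISGUISE_PATTERNS)
        risky = [f for f in c["files"] if any(s in f for s in SENSITIVE_PATHS)]
        if disguised and risky:
            flagged.append((c["sha"], c["subject"], risky))
    return flagged


# Constructed sample log: a genuine lint fix, then a disguised workflow/manifest change.
SAMPLE_LOG = """\
commit aaaa1111
subject fix: resolve lint warnings

src/utils.js

commit bbbb2222
subject fix: resolve lint warnings

.github/workflows/release.yml
package.json
"""

if __name__ == "__main__":
    for sha, subject, files in flag_suspicious(parse_git_log(SAMPLE_LOG)):
        print(f"{sha} '{subject}' touches {files}")
```

Pipe a real log in with `git log --all --name-only --format='commit %H%nsubject %s' | python3 audit_commits.py` after swapping `SAMPLE_LOG` for `sys.stdin.read()`.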
📎 IOC Quick Reference
| Type | Indicator | Source |
|---|---|---|
| Malicious npm packages | weavedb-lite, arnext, roidjs, atomic-notes + 32 more | IronWorm |
| Cross-platform malware | token-usage-tracker (npm), git-config-sync (PyPI), sui-framework-helpers (Crates) | TrapDoor |
| Malicious repos | trixauvex/trixauvex, skyjum/x402-kit, Stomp47/rekt-db | UNK_DeadDrop |
| C2 server | 216.126.225.129:8443 | Megalodon |
| Attacker wallet | 0x7e28D9889f414B06c19a22A9Bd316f0AC279a4d6 | IronWorm |
Full IOC list with complete malicious package inventory, C2 domains, and attacker infrastructure details — available in ShadowFeed Pro.
ShadowFeed by onchain-shadow
🐦 @onchain-shadow
📦 Pro subscription: $29/month — coming soon