In one of the largest open-source supply chain incidents ever recorded, Amazon Inspector security researchers have uncovered over 150,000 malicious npm packages linked to a coordinated tea.xyz token farming campaign, a scale that dramatically surpasses anything previously observed in open-source registries.
This event marks “one of the largest package flooding incidents in open source registry history”, signaling a defining turning point in software supply chain security.
The campaign was engineered not to distribute malware, but to exploit blockchain-based rewards from tea.xyz. Through automated tools, threat actors created and published vast numbers of low-quality packages designed to artificially inflate developer metrics.
The report highlights that the attackers used “self-replicating automation that creates packages without legitimate functionality”, and systematically embedded tea.yaml files linking packages to blockchain wallets.
Unlike traditional malicious packages that steal credentials or install backdoors, these instead polluted the npm ecosystem at unprecedented scale, revealing a new type of monetization-driven threat where attackers abuse package ecosystems for financial gain.
AWS used a hybrid detection method combining advanced rules with AI insights.
- October 24, 2025: Amazon Inspector researchers deployed a new AI-enhanced detection rule.
- Within days, they began flagging suspicious patterns tied to the tea.xyz protocol.
- By November 7, thousands of packages were identified.
- By November 12, more than 150,000 malicious packages had been uncovered.
As stated in the report, “the operation continued through November 12, ultimately uncovering over 150,000 malicious packages.”
The collaboration between Amazon Inspector security researchers and OpenSSF revealed:
- Over 150,000 malicious npm packages
- Automated self-cloning of packages to maximize reward extraction
- Packages created with no functional code, only metadata for blockchain profit
- Inclusion of tea.yaml files to tie each package to wallet addresses
- Coordinated publishing across multiple developer accounts
These packages exploited the tea.xyz reward system by inflating contribution metrics—without adding any value to the open-source ecosystem.
The report explains that attackers “exploit the tea.xyz reward mechanism by artificially inflating package metrics through automated replication and dependency chains.”
The report states this campaign represents “a concerning evolution in supply chain security”, where the misuse of reward systems can cause:
- Registry pollution, degrading the quality and trust of open-source ecosystems
- Resource exploitation, consuming infrastructure at npm and other registries
- Normalization of automated abuse, encouraging copycat actors
- Dependency-based supply chain risk, even if no malware is present
Even benign-looking packages can cause dependency confusion, version conflicts, or ecosystem instability.
The Amazon Inspector research team developed pattern-matching logic supplemented by AI, enabling them to catch nontraditional threats at scale. Their detection focused on:
- Packages containing tea.yaml config files
- Cloned or minimal code with no real functionality
- Predictable auto-generated naming patterns
- Circular dependency chains
- Rapid publishing bursts from multiple accounts
The report notes, “By monitoring publishing patterns, the researchers revealed coordinated campaigns that used automated tooling to create packages at automated speeds.”
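The heuristics listed above can be expressed as simple checks over package metadata. The following Python is an added example written for this article, not Amazon Inspector's or OpenSSF's code; the sample packages, the name regex, the 64-byte "minimal code" threshold and the 10-minute burst window are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real registry data) of the metadata the heuristics consume.
SAMPLE = [
    {"name": "lib-x7k2q9", "publisher": "acct-1", "published": "2025-11-01T10:00:00",
     "files": ["package.json", "tea.yaml", "index.js"], "deps": ["lib-p3m8v1"], "code_bytes": 12},
    {"name": "lib-p3m8v1", "publisher": "acct-1", "published": "2025-11-01T10:02:00",
     "files": ["package.json", "tea.yaml", "index.js"], "deps": ["lib-x7k2q9"], "code_bytes": 12},
    {"name": "lib-z4n6t2", "publisher": "acct-1", "published": "2025-11-01T10:04:00",
     "files": ["package.json", "tea.yaml", "index.js"], "deps": [], "code_bytes": 12},
    {"name": "date-fmt", "publisher": "dev-jane", "published": "2025-11-01T09:00:00",
     "files": ["package.json", "README.md", "lib/format.js"], "deps": ["lib-z4n6t2"], "code_bytes": 4096},
]

AUTOGEN_NAME = re.compile(r"^[a-z]+-[a-z0-9]{6,}$")  # assumed shape: word, dash, random suffix

def find_cycles(packages):
    """Names of packages that sit on a dependency cycle within the sample."""
    graph = {p["name"]: p["deps"] for p in packages}
    def reaches_itself(start):
        seen, stack = set(), list(graph[start])
        while stack:
            n = stack.pop()
            if n == start: return True
            if n in graph and n not in seen:
                seen.add(n); stack.extend(graph[n])
        return False
    return {name for name in graph if reaches_itself(name)}

def find_bursts(packages, window=timedelta(minutes=10), min_count=3):
    """Publishers that pushed at least min_count packages inside any single window."""
    by_pub = defaultdict(list)
    for p in packages:
        by_pub[p["publisher"]].append(datetime.fromisoformat(p["published"]))
    return {pub for pub, ts in by_pub.items()
            if any(sum(t0 <= t <= t0 + window for t in ts) >= min_count for t0 in ts)}

def flag_packages(packages, min_code_bytes=64):
    """Map each package name to the list of heuristics it trips (empty list = clean)."""
    cyclic, bursty = find_cycles(packages), find_bursts(packages)
    def hits(p):
        checks = {"tea.yaml": "tea.yaml" in p["files"],
                  "minimal-code": p["code_bytes"] < min_code_bytes,
                  "autogen-name": bool(AUTOGEN_NAME.match(p["name"])),
                  "circular-deps": p["name"] in cyclic,
                  "publish-burst": p["publisher"] in bursty}
        return [label for label, hit in checks.items() if hit]
    return {p["name"]: hits(p) for p in packages}
```

No single signal is conclusive on its own; a legitimate package that merely depends on a flagged one (like `date-fmt` above) trips nothing, while the farmed packages trip several checks at once.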