A supply-chain breach has infected over 490 npm packages recording 132 million monthly downloads, targeting libraries linked to Ethereum Name Service, Zapier, and other cryptocurrency platforms, according to Aikido Security. The malware steals developer credentials and GitHub tokens during installation. If stolen credentials provide access to code repositories, attackers can breach additional accounts and distribute more compromised packages, enabling autonomous spread.

A supply chain attack on the NPM ecosystem has infected more than 400 JavaScript packages, including at least 10 crypto libraries tied to Ethereum Name Service, according to Aikido Security. The malware collects credentials from compromised environments and has spread to over 25,000 repositories. Aikido Security disclosed the breach on Monday after detecting unusual activity across the JavaScript package registry.

North Korean operatives could be working at up to 20% of cryptocurrency companies, according to Pablo Sabbatella, founder of Web3 audit firm Opsek and Security Alliance member. Between 30% and 40% of job applications at crypto firms may come from such operatives, who use stolen identities and freelance platforms to gain employment. The threat extends beyond financial theft to unauthorized access to critical infrastructure supporting major platforms.

Jack Mallers, chief executive of Strike, said JPMorgan Chase terminated his personal banking accounts last month without advance notice. The bank cited "concerning activity" but declined to provide specifics, telling Mallers it was "not allowed" to disclose details. The closure has renewed debate over whether banks continue to restrict services for cryptocurrency industry executives.

Hong Kong's monetary authority has received approximately 80 applications for stablecoin issuer licenses, with only a limited number expected to gain approval in early 2026. The jurisdiction has become the first to mandate that stablecoin reserves consist exclusively of High Quality Liquid Assets. The framework follows several digital asset scandals and establishes centralized oversight under the Hong Kong Monetary Authority.

Decentralized finance lending totaled $40.99 billion at the end of the third quarter, a 54.84% quarterly increase, according to Galaxy Digital's research team. Combined with centralized platforms, total crypto-collateralized loans climbed to $65.37 billion, surpassing the previous record of $53.44 billion from Q4 2021. DeFi's market dominance over centralized venues rose to 62.71% by quarter-end.

Vibe coding enables users to build and deploy applications through natural language commands rather than traditional coding. Eric Chen, cofounder of Injective, said the protocol's iBuild platform allows developers and non-developers to create functional web3 applications within minutes using AI-powered tools. Industry surveys indicate approximately 75% of developers at early-stage startups now incorporate vibe coding into their workflows, with more than half reporting delivery velocity increases of at least 30%.

Wormhole Labs has launched Sunrise, a liquidity gateway designed to facilitate seamless transfers of external assets to the Solana network. The platform debuts with support for Monad's MON token, which begins trading tomorrow. Sunrise utilizes Wormhole's Native Token Transfers framework to provide unified liquidity across Solana-based decentralized exchanges.