Security Alert | NX Compromised to Steal Wallets and Credentials

Over 1,400 GitHub users discovered a new repository named "s1ngularity-repository" created in their accounts due to a malicious post-install command from the nx build kit, which was designed to steal sensitive data such as wallets and API keys, storing them in a results.b64 file. This incident, which exploited a vulnerability in the auto-update feature of the NX Console Extension for VSCode, led to the exposure of credentials and necessitated immediate credential rotation to prevent further attacks. The compromised versions of the nx build system were published on August 26, 2025, but have since been removed by npm, with GitHub taking actions to deactivate and delist affected repositories. Developers are urged to check for any usage of the affected nx versions and rotate their credentials, including those for npm and GitHub, while the nx team has deprecated the malicious versions and improved security measures, such as requiring 2FA for npm package publishing. The incident highlights the importance of regularly monitoring GitHub organizations for security and staying informed on updates from official advisories.