
TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks

Blog post from Socket

Post Details

Company:
Date Published:
Author: Sarah Gooding
Word Count: 710
Company Posts That Month: 27
Language: English
Hacker News Points: -

Summary

TeamPCP, a group known for targeting security tools and critical open-source infrastructure, is promoting a competition on BreachForums that incentivizes participants to compromise open-source packages using Shai-Hulud, an open-source attack tool they released. The contest offers a $1,000 reward in Monero for participants who can achieve the most significant compromises, judged by download counts of affected packages, which can include both high-impact single targets and a combination of smaller ones. Despite the seemingly small reward for the level of access required—potentially exposing sensitive CI/CD secrets, cloud credentials, and downstream enterprise environments—the competition acts as a recruitment strategy for lower-tier actors, turning the supply chain compromise into a leaderboard for recognition. This move has been criticized as a public stunt that trivializes modern security efforts and encourages copycat attacks, further burdening maintainers and security teams already grappling with persistent open-source supply chain vulnerabilities.

Trends Found in this Post
Trend               | Post Mentions | Total Month Mentions | Posts | Companies | MoM
Secrets Management  | 2             | 2,152                | 360   | 101       | +18%