Shai-Hulud Hits 320 Packages, Polymarket Files Parlays, SEC Probes Prediction ETFs
A malware campaign nicknamed Shai-Hulud is propagating through the automated software pipelines developers rely on to publish and distribute code, raising fresh alarms about the integrity of open-source supply chains that underpin much of the modern internet, including the libraries powering large parts of the blockchain ecosystem. Security researchers have linked the campaign to roughly 320 compromised entries across the Node Package Manager (NPM) and PyPI repositories — the two largest distribution hubs for JavaScript and Python libraries. The affected packages collectively account for more than 518 million monthly downloads, an estimate that captures how widely the infection could ripple through downstream applications, build systems and developer environments worldwide.
The infection mechanism makes the campaign particularly hard to contain. Shai-Hulud abuses GitHub Actions and trusted publishing workflows, hijacking the automated trust that developers and CI pipelines extend to upstream dependencies. Researchers say compromised libraries are not merely downloaded: they are installed, built against, tested, deployed and ultimately executed inside developer machines, CI runners and production environments. That execution loop hands the attacker whatever privileges the installing user or runner holds, including access to registry credentials and tokens that can then be used to publish further poisoned packages under the victim's name. Security professionals describe the result as a propagation network rather than a linear chain, with each compromise creating new vectors into every downstream project that trusted the original package.
Several of the largest names in artificial intelligence have already disclosed Shai-Hulud-related intrusions. Microsoft Threat Intelligence reported that attackers inserted malicious code into a Mistral AI package distributed via PyPI, with the payload masquerading as Hugging Face's widely used Transformers library to blend into machine-learning workflows. Mistral confirmed an affected developer device but said it had found no indication that its core infrastructure had been compromised. Two days later, OpenAI confirmed that the same campaign had infected two employee devices and granted attackers limited access to internal code repositories, though it found no evidence that customer data had been exposed in the breach.
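A practitioner's first question after reading the above is usually "is any of this in my dependency tree, and what runs at install time?" The following is an added example written for this page, not code from COINOTAG, from the researchers cited, or from any affected project. It audits an npm lockfile (lockfileVersion 2 or 3, which carries a `packages` map and a real `hasInstallScript` flag) for three things: entries that match a compromised-version list, entries that run install-time lifecycle scripts (the point at which a self-propagating package first executes with the installer's privileges), and entries resolved from somewhere other than the public registry. The advisory list, the package names and the lockfile contents are constructed for illustration and are not real Shai-Hulud indicators.

```javascript
// Added example (not from the article or any project it names): audit an npm
// lockfile for compromised versions, install-time scripts and off-registry
// sources. Names, versions and the advisory list below are hypothetical.

// Hypothetical advisory list: package name -> set of compromised versions.
// In practice this would be loaded from a vendor/CERT feed, not hard-coded.
const COMPROMISED = {
  'example-left-pad': new Set(['1.4.2']),
  'example-colorizer': new Set(['3.0.1', '3.0.2']),
};

// Constructed package-lock.json in lockfileVersion 3 layout. Keys under
// "packages" are paths; nested node_modules entries are distinct installs.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'example-left-pad': '^1.4.0' } },
    'node_modules/example-left-pad': {
      version: '1.4.2',
      resolved: 'https://registry.npmjs.org/example-left-pad/-/example-left-pad-1.4.2.tgz',
      hasInstallScript: true,
    },
    'node_modules/example-colorizer': {
      version: '2.9.0',
      resolved: 'https://registry.npmjs.org/example-colorizer/-/example-colorizer-2.9.0.tgz',
    },
    'node_modules/example-left-pad/node_modules/example-colorizer': {
      version: '3.0.2',
      resolved: 'https://registry.npmjs.org/example-colorizer/-/example-colorizer-3.0.2.tgz',
      hasInstallScript: true,
    },
    'node_modules/example-util': {
      version: '0.1.0',
      resolved: 'https://example.com/mirrors/example-util-0.1.0.tgz',
    },
  },
});

// Package name from a lockfile path: everything after the last "node_modules/".
// Handles scoped packages ("@scope/name") and nested installs.
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Returns one finding per suspicious entry, in lockfile order, each with the
// list of reasons it was flagged. The root project entry ("") is skipped.
function auditLockfile(lockfileText, advisories) {
  const lock = JSON.parse(lockfileText);
  if (!lock.packages || !(lock.lockfileVersion >= 2)) {
    throw new Error('expected npm lockfileVersion >= 2 with a "packages" map');
  }
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages)) {
    if (lockPath === '') continue;
    const name = packageNameFromPath(lockPath);
    const reasons = [];
    if (advisories[name] && advisories[name].has(entry.version)) {
      reasons.push('compromised-version');
    }
    if (entry.hasInstallScript === true) {
      reasons.push('install-script');
    }
    if (!entry.resolved || !entry.resolved.startsWith('https://registry.npmjs.org/')) {
      reasons.push('non-registry-source');
    }
    if (reasons.length > 0) {
      findings.push({ path: lockPath, name, version: entry.version, reasons });
    }
  }
  return findings;
}

for (const f of auditLockfile(SAMPLE_LOCKFILE, COMPROMISED)) {
  console.log(`${f.name}@${f.version} (${f.path}): ${f.reasons.join(', ')}`);
}
```

Run it with `node audit.js` against your own `package-lock.json` by replacing `SAMPLE_LOCKFILE` with the file contents. The install-script flag is the one to act on even when no version matches a known list: installing with `npm ci --ignore-scripts` removes the execution step the article describes, and any package that genuinely needs a build step can then be allow-listed deliberately rather than trusted by default.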
In a separate development that highlights how rapidly on-chain and event-based markets are converging with regulated finance — including products adjacent to the DeFi stack — Polymarket filed with the Commodity Futures Trading Commission to list parlay-style sports contracts in the United States. The self-certification, lodged on Wednesday, signals that the prediction-market operator intends to begin offering combined event contracts as soon as May 21, 2026. Because the submission is self-certifying, Polymarket is not requesting permission so much as notifying the regulator of its intent to launch, a procedural pathway that has accelerated several novel derivatives listings this year.

The new instruments, formally described as combinatorial outcome contracts, function by bundling two or more underlying event contracts into a single position — a payout structure that mirrors the binary mechanics increasingly common in on-chain markets powered by AMM liquidity pools. Each leg must resolve to the user-specified outcome for the bundle to pay out. Per the filing, the contract resolves to $1.00 only if every leg is satisfied, and to $0.00 if any single leg fails, regardless of how the remaining legs settle. A second exhibit accompanying the submission was filed under a confidentiality request, citing potential trade secrets and commercially sensitive information.
On the same day, Securities and Exchange Commission Chairman Paul Atkins issued a statement confirming the agency is studying what an exchange-traded fund built around prediction markets might look like. Atkins noted that ETF assets have tripled over the past seven years and credited the structure with broadening investor access and capital formation. He acknowledged that several fund sponsors have voluntarily delayed the effectiveness of novel ETF filings — including event-contract products — while regulators review the implications, and said he has instructed staff to formally solicit public input on how the Commission should respond to the emerging category.
Taken together, the week's developments underline a maturation cycle in which crypto-adjacent infrastructure is colliding with the realities of mainstream finance and enterprise software security. Prediction markets are pushing into regulated derivatives venues just as supply-chain attacks expose how dependent the broader digital economy — from Bitcoin base-layer development to decentralized exchange tooling — has become on a small set of open-source maintainers. The dominant narrative is one of accelerating institutionalisation paired with sharpening operational risk: regulators are leaning into novel products while attackers exploit the same automated trust models that made rapid innovation possible.