Toptal’s GitHub Hijack: Malicious NPM Packages Steal Tokens and Wipe Systems

Hackers breached Toptal’s GitHub account to unleash ten malware-laden packages on NPM, including Picasso. These packages, designed to steal data and wipe systems, were downloaded 5,000 times before detection. While Toptal swiftly deprecated the malicious packages, they have yet to issue a public statement.

3P
Published: July 24, 2025 1:27 pmAdded: July 24, 2025 at 6:52 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Oops, they did it again! Hackers strike Toptal’s GitHub, proving that even top talent needs a little extra security TLC. Who knew malicious packages were the latest trend in developer nightmares?

Key Points:

  • Hackers gained access to Toptal’s GitHub, publishing 10 malicious packages on NPM.
  • The packages contained code to steal GitHub authentication tokens and wipe systems.
  • Over 5,000 downloads of the malicious packages occurred before detection.
  • Attackers used ‘preinstall’ and ‘postinstall’ scripts to execute their dastardly plan.
  • Toptal deprecated the malicious packages but has yet to make a public statement.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?