Since November 24th, 2025, the software development community has been responding to the resurgence of Sha1-Hulud-a self-replicating npm worm that has evolved into a threat known as Sha1-Hulud 2.0. This supply chain attack has compromised hundreds of npm packages, affecting various organizations across the technology sector. Fireblocks identified suspicious activity associated with this campaign in our non-production systems and launched an investigation. We learned that an unauthorized party accessed and obtained certain support ticket data from our 3rd party customer support provider.
Importantly, no customer funds were accessed, and our platform remains operational and protected.
Immediately upon detection, we implemented a number of containment measures, including credential and key rotation, termination of unauthorized access, and enhanced security hardening across our infrastructure. We continue to investigate this issue with the help of leading forensics experts, and we have notified law enforcement.
We are proactively contacting affected customers. You can find what we shared with them down below, including steps we took to contain the issue and recommended actions.
Subject: Important Security Update
Dear Customer,
We’re writing with a security update on an issue we initially addressed in a help center article last month. We believe this update requires your attention.
Fireblocks identified suspicious activity in our non-production systems and launched an investigation. We determined that an unauthorized party accessed and obtained certain support ticket data from our 3rd party customer support provider. Importantly, no customer funds were accessed, and our platform remains operational and protected.
Immediately upon detection, we implemented a number of containment measures, including credential and key rotation, termination of unauthorized access, and enhanced security hardening across our infrastructure. We continue to investigate this issue with the help of leading forensics experts, and we have notified law enforcement.
As an immediate measure, we ask you to remain vigilant for any suspicious communications or unusual activity that may attempt to leverage information from this incident.
Security is a top priority at Fireblocks, and we remain fully committed to our customers. We recognize that trust is earned every day, and we deeply appreciate the confidence you have placed in us and your long-standing partnership.
Please refer to the help center article for more details and recommended next steps. In addition, we will be hosting a webinar on December 11 at 10:00am ET to share more information about the incident. Join us here.
For any questions, please contact Fireblocks Support via your Slack channel or contact your CSM before taking any action.
Sincerely,
Michael Shaulov
