
Supply Chain Games: How TeamPCP’s Bounty Contest Led to a GitHub Breach

Most supply chain attacks don’t come with an entry fee and a prize pool. The one TeamPCP launched targeting GitHub repositories in May 2026 did. What started as a forum post offering $1,000 in Monero grew into an organized contest against the software supply chain, with rules posted, tooling provided, and a self-replicating worm thrown in for free. By the end, roughly 3,800 private GitHub repositories were listed for sale.

Executive Summary 

In May 2026, TeamPCP, working jointly with the administrators of BreachForums, launched what they called a “Supply Chain Competition,” an initiative explicitly designed to incentivize and crowdsource supply-chain attacks. To maximize participation, the organizers open-sourced the Shai Hulud worm, hosted it directly on the forum’s CDN, and made its use a requirement for entry. 

Weeks later, the same group announced it had gained access to GitHub source code and around 4,000 private repositories, putting the data up for sale starting at $50,000. GitHub confirmed a breach of roughly 3,800 internal repositories, tracing the root cause to an employee who installed a malicious version of the Nx Console extension, which was compromised through an npm supply-chain attack. The two events, weeks apart, are a single story about how cheaply and quickly the open-source ecosystem can be weaponized. 

The Competition: Crowdsourcing Compromise 

Most supply-chain attacks are the work of a single actor or crew. TeamPCP flipped that model, inviting anyone with an internet connection and bargain-bin ethical standards to join in. By offering both a financial incentive and the exact tooling needed to carry out an attack, they removed nearly every barrier to entry. 

The mechanics were simple: 

  • Mandatory tooling: Entrants were required to use the “Shai Hulud” worm, hosted on the forum’s own CDN, ensuring a consistent and capable attack method across all participants. 
  • Forum-backed legitimacy: Co-organized with BreachForums administrators, lending the contest reach and credibility within the underground community. 

Instead of one group attempting supply-chain compromise, TeamPCP effectively recruited their own volunteer army, armed them identically, and pointed them at the open-source ecosystem all at once. 

The Fallout: Understanding the GitHub Breach 

On May 19th, TeamPCP announced access to roughly 4,000 private repositories, listing the data on an underground forum starting at $50,000. GitHub later confirmed about 3,800 internal repositories were breached. The chain of compromise: 

  1. An upstream npm supply-chain attack on TanStack: the initial breach, which affected dozens of npm packages, including one used by a popular VS Code extension. 
  2. A trojanized Nx Console extension: a GitHub employee installed the compromised version of the extension, giving attackers a foothold on an internal device. 
  3. Stolen CI/CD credentials: from there, the attack spread to other projects using stolen continuous-integration and deployment credentials, amplifying the blast radius well beyond the initial package. 

GitHub responded by removing the trojanized extension from the VS Code marketplace and securing the compromised device. But the damage was already done. From a poisoned npm package to the exfiltration of thousands of private repositories, TeamPCP’s competition achieved exactly what it set out to do: compromise the open-source pipeline at scale. 

Why Open-Source Ecosystems Are a Top Target

GitHub wasn’t the only target. RubyGems (the primary package manager for Ruby) temporarily suspended new account registrations last month following a coordinated malicious campaign. Automated bot accounts published over 500 malicious junk packages, while researchers identified a novel campaign dubbed “GemStuffer” that abused the registry as a dead-drop data-exfiltration channel. Rather than distributing malware, GemStuffer used malicious gems to store data scraped from U.K. government council portals, bypassing the need for dedicated command-and-control infrastructure entirely. 

Different actors, same pattern: attackers are creatively weaponizing the open-source ecosystems that the entire software industry depends on, whether as a distribution channel, an exfiltration medium, or, in TeamPCP’s case, the playing field for a crowdsourced race to cause maximum damage. 

Lessons for Security Teams 

Assume the supply chain is being actively targeted, not opportunistically hit. When attackers are paying bounties to poison packages, the threat model has changed. Plan for coordinated, incentivized campaigns, not just one-off compromises. 

Treat CI/CD credentials as crown jewels. The GitHub breach spread through stolen continuous-integration and deployment credentials. Rotate them aggressively, scope them tightly, and monitor for anomalous use. 
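The third step of the chain above, stolen CI/CD credentials being reused against other projects, is the kind of behaviour a simple audit-log rule can surface: a credential touching repositories outside its declared scope, or fanning out across many repositories in a short window. The following is an added example written for this post, not code from GitHub or from the report; the audit-event schema (ts, token, action, repo, ip), the token names, the repository names and the events themselves are all constructed placeholders, not GitHub's real audit-log format.

```javascript
// Added example (not from the original post): flag CI/CD credential use that
// falls outside the repositories a credential is scoped to, or that fans out
// across many repositories within a short window. The event schema and all
// values below are constructed for the demo; this is not GitHub's audit format.

// Declared scope per credential: the only repos it should ever touch (constructed).
const credentialScopes = {
  "ci-token-web": ["org/web-app"],
  "ci-token-docs": ["org/docs-site"],
};

// Constructed audit events. The last four mimic a stolen build token being
// used from a new address to pull repositories it was never meant to see.
const auditEvents = [
  { ts: "2026-05-18T09:00:00Z", token: "ci-token-web",  action: "git.clone", repo: "org/web-app",       ip: "203.0.113.10" },
  { ts: "2026-05-18T09:05:00Z", token: "ci-token-docs", action: "git.clone", repo: "org/docs-site",     ip: "203.0.113.11" },
  { ts: "2026-05-18T21:14:00Z", token: "ci-token-web",  action: "git.clone", repo: "org/billing",       ip: "198.51.100.7" },
  { ts: "2026-05-18T21:14:30Z", token: "ci-token-web",  action: "git.clone", repo: "org/infra",         ip: "198.51.100.7" },
  { ts: "2026-05-18T21:15:00Z", token: "ci-token-web",  action: "git.clone", repo: "org/secrets-vault", ip: "198.51.100.7" },
  { ts: "2026-05-18T21:15:20Z", token: "ci-token-web",  action: "git.clone", repo: "org/mobile",        ip: "198.51.100.7" },
];

// Returns a list of findings. Two rules:
//   out_of_scope: the credential accessed a repo not in its declared scope.
//   fan_out:      the credential touched >= fanOutThreshold distinct repos
//                 within windowMs (sliding window over its own events).
function detectCredentialAbuse(events, scopes, { windowMs = 10 * 60 * 1000, fanOutThreshold = 3 } = {}) {
  const findings = [];
  const byToken = new Map();
  for (const ev of events) {
    if (!byToken.has(ev.token)) byToken.set(ev.token, []);
    byToken.get(ev.token).push(ev);
  }

  for (const [token, evs] of byToken) {
    evs.sort((a, b) => Date.parse(a.ts) - Date.parse(b.ts));
    const allowed = new Set(scopes[token] || []);

    // Rule 1: any access outside the declared scope is a finding on its own.
    for (const ev of evs) {
      if (!allowed.has(ev.repo)) {
        findings.push({ rule: "out_of_scope", token, repo: ev.repo, ts: ev.ts, ip: ev.ip });
      }
    }

    // Rule 2: sliding window; keep one finding per window start, holding the
    // largest set of distinct repos seen for that window.
    const fanOut = new Map();
    let start = 0;
    for (let end = 0; end < evs.length; end++) {
      while (Date.parse(evs[end].ts) - Date.parse(evs[start].ts) > windowMs) start++;
      const distinct = new Set(evs.slice(start, end + 1).map((e) => e.repo));
      if (distinct.size >= fanOutThreshold) {
        fanOut.set(`${token}:${evs[start].ts}`, {
          rule: "fan_out", token, repos: [...distinct],
          windowStart: evs[start].ts, windowEnd: evs[end].ts,
        });
      }
    }
    findings.push(...fanOut.values());
  }
  return findings;
}

// Stand-alone run: prints the findings for the constructed events.
console.log(JSON.stringify(detectCredentialAbuse(auditEvents, credentialScopes), null, 2));
```

Feeding real audit events into this means mapping your provider's field names onto the constructed schema, and the scope table is only as good as the inventory behind it: a credential with no entry in `credentialScopes` is treated as having no allowed repositories, so every use of it is flagged, which is the safe default for an unknown token.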

Vet developer tooling as a supply-chain risk. A single trojanized editor extension was the entry point. Maintain an inventory of approved IDE and editor extensions, and treat the developer endpoint as a high-value target. 

Monitor dependency and registry integrity. With registries being abused for both malware distribution and data exfiltration, validate the provenance and integrity of the packages you pull; don’t assume a registry’s trust extends to every package on it. 

TeamPCP’s bounty program is just one of several supply-chain stories in this month’s report. Download the full May 2026 Cyber Threat Intelligence Report for the complete analysis, related incidents, and the indicators your team needs. 
