No good idea – like rewarding open source software developers and maintainers for their contributions – goes unabused by cybercriminals, and this was the case with the Tea Protocol and two token farming campaigns.
Both incidents gave the project’s founders a real-time view into how far – and fast – attackers will go to chase financial gain, and they helped shape “radical changes” that will roll out in the Tea network’s mainnet launch early next year, co-founder and CEO Tim Lewis told The Register.
The Tea Protocol was founded by Max Howell, who created open source package manager Homebrew, and Lewis, who established DEVxDAO, a non-profit that distributes grants to support decentralized computing projects, to reward open source developers and help secure software supply chains via financial incentives.
“When you think about the different package management ecosystems, they all have different gates in front of them, and none of them have been a financial gate,” Lewis said in an interview.
“There’s a human that sits in the front who has to be this gate, but it takes a toll on the human to go through all the data, and that’s only getting worse,” he said. “There’s the proliferation of the AI-induced pull requests, which are great, but that’s become like a DDoS attack.”
Last year, the duo rolled out the Tea Protocol testnet – essentially a test run for the incentives program that allows open source developers to earn cryptocurrency – specifically Tea tokens – for valuable code and fixes, while users can stake Tea to support specific projects and also earn rewards. A portion of the protocol rewards is shared with project maintainers and users who stake their tokens.
“Again, this was on a test network for fake internet points that could eventually potentially have some value,” Lewis said. “Our incentive for that period only lasted about three weeks.”
In April 2024, the Tea team shut down the incentive program’s rewards after about 15,000 spammy packages flooded the npm registry to farm Tea points. These contained little or zero useful functionality, and were instrumented with “tea.yaml” metadata that linked back to Tea accounts in an attempt to inflate developers’ reputation and earn payouts.
“We got to watch this happen in real time, and we recognized how fast, how far people had gone to create scripts that have a worm-like behavior,” Lewis said.
Then it got worse. In 2025, the earlier Tea farming campaign grew into the IndonesianFoods and Indonesian Tea campaigns that polluted more than 1 percent of npm with spam packages. And in November, Amazon uncovered more than 150,000 malicious npm packages, all linked to another Tea token farming campaign, that the cloud giant described as “one of the largest package flooding incidents in open source registry history.”
“I view this as a canary in the coal mine,” Lewis said.
In these token farming campaigns, the fraudsters flooded registries with spam, as opposed to code laced with cryptocurrency- and other secret-stealing malware – and neither of the latter two is hypothetical. North Korea’s Lazarus Group and other sophisticated attackers have previously targeted npm for these illicit purposes.
“When you are a destructive organization like Lazarus Group, there’s incentive to use these same techniques to attack [supply chains],” Lewis said. “So we need to fix the core.”
How to reward secure code and penalize spam
To this end, Tea’s founders are working to fix the protocol’s design to ensure that the incentives program can’t be abused when the mainnet launches in early 2026.
This involves requiring packages and projects to pass ownership and provenance checks, and ensuring contributions aren’t just automated spam. The Tea team is also designing monitoring features that will check for Sybil attacks and flag surges in low-quality package creation and suspicious identities.
If malicious-looking patterns are detected, the developer won’t receive rewards and their registrations will be quarantined, pending further review.
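As an added illustration of the surge-and-quarantine logic described above (example code written for this piece, not the Tea Protocol’s or PKGW’s own implementation), the script below groups constructed package registrations by the Tea account their tea.yaml points at, flags any account credited with a burst of near-empty packages inside a sliding window, and quarantines it for review instead of paying out. The registration records, thresholds and quality proxy (lines of code, presence of tests) are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample registrations (hypothetical data, not real npm or Tea records).
# "tea_account" is the account a package's tea.yaml links back to; "publisher" is
# the registry account that pushed it. Several publishers funnelling packages into
# one Tea account is the Sybil pattern the monitoring is meant to catch.
T0 = datetime(2025, 11, 1, 12, 0)
REGISTRATIONS = [
    {"package": f"pkg-{i}", "publisher": f"npm-user-{i % 3}", "tea_account": "tea-farmer-01",
     "published": T0 + timedelta(minutes=2 * i), "loc": 2, "has_tests": False}
    for i in range(6)
] + [
    {"package": "useful-lib", "publisher": "alice", "tea_account": "alice-tea",
     "published": T0, "loc": 1800, "has_tests": True},
    {"package": "useful-cli", "publisher": "alice", "tea_account": "alice-tea",
     "published": T0 + timedelta(days=3), "loc": 640, "has_tests": True},
]

MIN_LOC = 20                       # below this a package is treated as near-empty (assumed)
BURST_WINDOW = timedelta(hours=1)  # sliding window for the surge check (assumed)
BURST_THRESHOLD = 5                # near-empty packages per account per window (assumed)

def is_low_quality(reg):
    """Cheap proxy for 'little or zero useful functionality'."""
    return reg["loc"] < MIN_LOC and not reg["has_tests"]

def triage(registrations, window=BURST_WINDOW, threshold=BURST_THRESHOLD):
    """Return {tea_account: 'quarantine' | 'reward'} for a batch of registrations."""
    by_account = defaultdict(list)
    for reg in registrations:
        by_account[reg["tea_account"]].append(reg)
    decisions = {}
    for account, regs in by_account.items():
        # Timestamps of the low-quality registrations credited to this account.
        times = sorted(r["published"] for r in regs if is_low_quality(r))
        burst, lo = False, 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:   # slide the window forward
                lo += 1
            if hi - lo + 1 >= threshold:            # enough spam inside one window
                burst = True
                break
        decisions[account] = "quarantine" if burst else "reward"
    return decisions

if __name__ == "__main__":
    for account, verdict in triage(REGISTRATIONS).items():
        print(f"{account}: {verdict}")
```

A production check would combine this with the ownership and provenance verification the text mentions; the burst heuristic alone only catches the crude flooding pattern.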
Additional key quality and security improvements will happen via integration with PKGW, which Howell wrote. It’s a package runner that creates a containerized environment for projects and manages developer tools across environments. PKGW verifies maintainers using cryptographic signatures and identity checks, and also evaluates their contributions to various projects for quality, along with security posture and dependencies.
This registry will integrate directly with Tea upon the protocol’s mainnet launch, and will auto-detect and penalize, if needed, spammy packages at the point of registration – not after – while rewarding maintainers for their legit contributions.
Automated SBOMs, bug bounties
In the future, Lewis says that this design will also allow enterprises to automate bug bounties, and SBOMs (software bills of materials) that provide an inventory of all the components found in a piece of software. This will make it easier for large companies to map out their dependencies, and then reward developers for fixing any critical security issues they find.
“Me, as an enterprise, I can set up a fund for $50,000 to the top 100 things that were problems in my ecosystem,” Lewis said. “As a maintainer, if I solve the problem, then via bounty mechanism, if I’ve registered my repository, I’m entitled to 20 percent of this bounty, and it’s my job to make sure that the code base is clean.”
In fact, several banking firms have already signed on to a pilot bounty program, and while Lewis won’t name names, each of these has pledged a $250,000 reward to better secure their open source code.
“Some CISO, somewhere, every day is looking at his tens of thousands of packages that he approved for use, and now he’s responsible for whether or not these things are secure,” Lewis said. “He can’t have all the people that work within his department spend all of their time trying to get some guy in Nebraska to review a pull request and get the critical bug for his architecture solved en masse. We’re hoping this creates a tool that allows that value distribution without impermanent loss en masse.”
Lewis’ goal, he says, is to see upwards of “millions of dollars a day, retrieved for issue completion.”
Project developers and maintainers write the fixes, and chief security officers can confirm to their boards of directors that their dependencies and critical code are secure. “Plus, the mean time for resolution for these issues comes down – and they are not funding groups like North Korea’s Lazarus,” he added.
In other words: Tea’s goal reaches fruition. Open source project maintainers get paid for their valuable work, code becomes more secure, financially motivated crews can’t game the system, and the world becomes a better place. ®