When malicious packages infiltrated Arch Linux's User Repository, volunteer maintainers raced against time to contain a two-wave attack delivering Chaos RAT malware. This forensic analysis reveals critical lessons about open-source supply chain vulnerabilities and the hidden complexities of purging toxic code from git-based systems.