Hackers compromised Toptal's GitHub organization, weaponizing its trusted Picasso design system to publish ten malicious npm packages that stole GitHub tokens and wiped developer machines. The packages drew 5,000 downloads before detection, and the breach highlights critical vulnerabilities in open-source supply chains. The attackers' sophisticated preinstall/postinstall scripts demonstrate evolving threats to developer ecosystems.