Crypto Hackers are Now Using Ethereum Smart Contracts to Mask Malware Payloads
Ethereum has become the latest front for software supply chain attacks.
Researchers at ReversingLabs earlier this week uncovered two malicious NPM packages that used Ethereum smart contracts to conceal harmful code, allowing the malware to bypass traditional security checks.
NPM is a package manager for the runtime environment Node.js and is considered the world’s largest software registry, where developers can access and share code that contributes to millions of software programs.
The packages, “colortoolsv2” and “mimelib2,” were uploaded to the widely used Node Package Manager repository in July. They appeared to be simple utilities at first glance, but in practice, they tapped Ethereum’s blockchain to fetch hidden URLs that directed compromised systems to download second-stage malware.
By embedding these commands within a smart contract, attackers disguised their activity as legitimate blockchain traffic, making detection more difficult.
“This is something we haven’t seen previously,” ReversingLabs researcher Lucija Valentić said in their report. “It highlights the fast evolution of detection evasion strategies by malicious actors who are trolling open source repositories and developers.”
The technique builds on an old playbook. Past attacks have used trusted services like GitHub Gists, Google Drive, or OneDrive to host malicious links. By leveraging Ethereum smart contracts instead, attackers added a crypto-flavored twist to an already dangerous supply chain tactic.
The incident is part of a broader campaign. ReversingLabs discovered the packages tied to fake GitHub repositories that posed as cryptocurrency trading bots. These repos were padded with fabricated commits, bogus user accounts, and inflated star counts to look legitimate.
Developers who pulled the code risked importing malware without being aware of it.
Supply chain risks in open-source crypto tooling are not new. Last year, researchers flagged more than 20 malicious campaigns targeting developers through repositories such as npm and PyPI.
Many were aimed at stealing wallet credentials or installing crypto miners. But the use of Ethereum smart contracts as a delivery mechanism shows adversaries are adapting quickly to blend into blockchain ecosystems.
A takeaway for developers is that popular commits or active maintainers can be faked, and even seemingly innocuous packages may carry hidden payloads.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Economic Truth: AI Drives Growth Alone, Cryptocurrency Becomes a Political Asset
The article analyzes the current economic situation, pointing out that AI is the main driver of GDP growth, while other sectors such as the labor market and household finances are in decline. Market dynamics have become detached from fundamentals, with AI capital expenditure being key to avoiding a recession. The widening wealth gap and energy supply are becoming bottlenecks for AI development. In the future, AI and cryptocurrencies may become the focus of policy adjustments. Summary generated by Mars AI This summary was generated by the Mars AI model, and its accuracy and completeness are still in the process of iterative improvement.
AI unicorn Anthropic accelerates IPO push, taking on OpenAI head-to-head?
Anthropic is accelerating its expansion into the capital markets, initiating collaboration with top law firms, which is seen as an important signal toward going public. The company's valuation is approaching 300 billions USD, and investors are betting it could go public before OpenAI.
Did top universities also get burned? Harvard invested $500 million heavily in bitcoin right before the major plunge
Harvard University's endowment fund significantly increased its holdings in bitcoin ETFs to nearly 500 million USD in the previous quarter. However, in the current quarter, the price of bitcoin subsequently dropped by more than 20%, exposing the fund to significant timing risk.
The Structural Impact of the Next Federal Reserve Chair on the Cryptocurrency Industry: Policy Shifts and Regulatory Reshaping
The change of the next Federal Reserve Chair is a decisive factor in reshaping the future macro environment of the cryptocurrency industry.
Trending news
MoreCrypto prices
More
