Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
  • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Podcasts
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Podcasts
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Market News

Ethereum Devs Targeted by Malware Hidden in Smart Contracts

ReversingLabs found two NPM packages hiding malicious URLs in Ethereum smart contracts.

Written By Pari Shukla Pari Shukla
Fact Checked by Dhara Chavda Dhara Chavda
Published September 4, 2025 5:23 PM
Make The Crypto Times preferred on GoogleGoogle
Share
Ethereum Devs Targeted by Malware Hidden in Smart Contracts

Hackers have found a new method to hide malicious software, commands, and links within Ethereum smart contracts to avoid detection by security scans, as attacks targeting code repositories become more advanced. 

ReversingLabs cybersecurity researchers have discovered two fake JavaScript packages, named “colortoolsv2” and “mimelib2,” in the Node Package Manager (NPM). 

These packages, added in July, trick security systems by hiding their malicious instructions inside Ethereum smart contracts. In a blog post published on Wednesday, ReversingLabs researcher Lucija Valentić revealed that these packages function as downloaders, extracting command and control server addresses from Ethereum blockchain smart contracts. 

Once installed, the packages query the blockchain to fetch URLs for downloading second-stage malware, which delivers the malicious payload. This approach makes detection challenging, as blockchain traffic appears legitimate, masking the malicious activity. 

Hackers are using Ethereum Smart Contracts in a new tactic

Hackers, including the North Korean-linked Lazarus Group, have used Ethereum smart contracts before to spread harmful software, or malware. However, ReversingLabs researcher Lucija Valentić has explained that this new tactic is different. 

Now, hackers are hiding web addresses (URLs) inside Ethereum smart contracts. These URLs direct victims to download harmful software onto their devices. The attack is a new trick that hasn’t been seen before, and it’s harder for security systems to catch because it uses the blockchain in a sneaky way. 

Valentić says the incident shows how quickly hackers are finding new ways to avoid detection while targeting developers and open-source code platforms. This malware is part of a larger scam on GitHub, where hackers create fraudulent projects for cryptocurrency trading bots. 

To make these projects look real, they add fake updates, create fake user accounts, use multiple fake maintainers, and include professional-looking descriptions. The misleading information tricks developers into trusting and downloading the malicious software. 

In 2024, security experts found 23 scams involving cryptocurrencies on open-source code platforms, where hackers hid malicious software. According to Valentić, this new type of attack reveals that the scams are becoming more sophisticated. 

Further, in April, hackers created a fake GitHub project pretending to be a Solana trading bot, which secretly installed malware to steal cryptocurrency wallet information. They also targeted “Bitcoinlib,” a tool that helps developers work with Bitcoin, showing how hackers are attacking different platforms to steal from users.

Also Read: World Liberty Financial Blocks Hacking Attempts on Token Launch

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News
Google News Banner

TAGGED:Crypto HackEthereum (ETH)
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Demo Live
Prediction Market Fight May Reach Supreme Court CFTC Chair Selig
Prediction Market Fight May Reach Supreme Court: CFTC Chair Selig
Anchorage Bets Big on AI Economy With New Banking Model
Anchorage Bets Big on AI Economy With New Banking Model
Tapnob Rolls Out Crypto-to-Naira Payment Platform in Nigeria
Tapnob Rolls Out Crypto-to-Naira Payment Platform in Nigeria
Clarity Act on Fast Track Senator Moreno Sets July 4 Deadline
Clarity Act on Fast Track? Senator Moreno Sets July 4 Deadline

Find Us on Socials

You may also like

Crypto Market Today Utya, Dogs, LAB Top Gainers as Bitcoin Reclaims $81K

Crypto Market Today: Utya, Dogs, LAB Top Gainers as Bitcoin Reclaims $81K

Rep. Horsford Says Crypto Tax Bill Is Foundation as CLARITY Stalls

Rep. Horsford Says Crypto Tax Bill Is Foundation as CLARITY Stalls

$295M Hack Fallout: Drift Protocol Rolls Out User Recovery Plan

$295M Hack Fallout: Drift Protocol Rolls Out User Recovery Plan

Just 0.1% of Polymarket accounts captured 67% of all profits WSJ

Just 0.1% of Polymarket accounts captured 67% of all profits: WSJ

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Podcasts

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information