Hackers Exploit Ethereum Smart Contracts to Spread Malware via NPM Packages

ReversingLabs reports a new attack vector where hackers embed malicious commands in Ethereum smart contracts, distributing malware via compromised NPM libraries and deceptive GitHub projects.

Fact Check
The statement is strongly confirmed by multiple credible cybersecurity news outlets and research firms, including Checkmarx, The Hacker News, and ReversingLabs. The evidence consistently describes a supply chain attack where malicious NPM packages utilize Ethereum smart contracts to distribute malware or retrieve command-and-control (C2) information, with specific examples of packages provided.
Summary

According to cybersecurity firm ReversingLabs, hackers are exploiting Ethereum smart contracts to host malicious commands, distributing malware through compromised NPM packages like 'colortoolsv2'. The attack involves fake GitHub projects, such as a 'solana-trading-bot-v2', to trick developers. This new software supply chain attack method highlights a growing trend, with a Global Ledger report indicating hackers stole $3 billion in crypto during the first half of 2025.
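
A defender-side illustration of the pattern in the summary, added here and not taken from ReversingLabs or the original article: a static heuristic that flags an unpacked npm package when one file both reads from an Ethereum contract and pulls in process-execution or download primitives, escalating when an install hook is present. The regex lists, the `scanPackage` name and both sample packages are assumptions constructed for this example.

```javascript
// Added example for package review. Pattern lists are assumptions, not vendor signatures.
const CHAIN_READ = {
  "eth_call JSON-RPC": /\beth_call\b/,
  "ethers Contract": /\bnew\s+(?:ethers\.)?Contract\s*\(/,
  "web3 Contract": /\bweb3\.eth\.Contract\b/,
  "hard-coded address": /["'`]0x[0-9a-fA-F]{40}["'`]/,
};
const FETCH_EXEC = {
  "child_process": /\bchild_process\b/,
  "exec/spawn": /\b(?:exec|spawn)(?:Sync|File)?\s*\(/,
  "eval/Function": /\beval\s*\(|\bnew\s+Function\s*\(/,
  "HTTP fetch": /\bhttps?\.(?:get|request)\s*\(|\bfetch\s*\(/,
};
const HOOKS = ["preinstall", "install", "postinstall"];

const hits = (src, table) =>
  Object.keys(table).filter((name) => table[name].test(src));

// files: { "relative/path": "file contents" }, as unpacked from the tarball.
function scanPackage(files) {
  const manifest = JSON.parse(files["package.json"] || "{}");
  const hooks = HOOKS.filter((h) => manifest.scripts && manifest.scripts[h]);
  const findings = [];
  for (const [path, src] of Object.entries(files)) {
    if (!/\.(?:c|m)?js$/.test(path)) continue; // only JavaScript sources
    const chain = hits(src, CHAIN_READ);
    const exec = hits(src, FETCH_EXEC);
    // Either signal alone is common; both in one file is the pattern to review.
    if (chain.length && exec.length) findings.push({ path, chain, exec });
  }
  const verdict = !findings.length ? "low" : hooks.length ? "high" : "review";
  return { name: manifest.name, verdict, hooks, findings };
}

// Constructed samples: inert source fragments, not code from any real package.
const SUSPECT = {
  "package.json": JSON.stringify({
    name: "sample-color-utils",
    scripts: { postinstall: "node index.js" },
  }),
  "index.js": 'const { exec } = require("child_process");\n' +
    'const c = new ethers.Contract("0x' + "ab".repeat(20) + '", ABI, provider);',
};
const BENIGN = {
  "package.json": JSON.stringify({ name: "sample-wallet-ui" }),
  "lib/balance.js": "const c = new ethers.Contract(addr, ABI, provider);",
};

console.log(scanPackage(SUSPECT).verdict, scanPackage(BENIGN).verdict);
```

A "high" or "review" verdict is a prompt for manual inspection, since legitimate Web3 tooling can trip the same patterns.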

Terms & Concepts
  • Ethereum Smart Contract: Self-executing code deployed on the Ethereum blockchain that runs automatically when predefined conditions are met.
  • Node Package Manager (NPM): A widely used package manager for JavaScript, often targeted by attackers to distribute malicious software.
  • Software Supply Chain Attack: A cyberattack that targets less-secure elements in an application's development process, such as third-party libraries or packages, to inject malicious code.