Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries

Oladapo Timothy
Last updated: September 4, 2025 2:48 pm
Published: September 4, 2025

Hackers exploit Ethereum smart contracts to inject malware into popular NPM coding libraries including “colortoolsv2” and “mimelib2” packages that conceal malicious commands.

Contents
  • Hackers Use Ethereum Smart Contracts To Conceal Malware In Code Libraries
  • How Ethereum Smart Contracts Turn Into Malware Command Centers
  • Two-File Malware Hides a $2.5M Bridge Exploit Method

ALERT: Hackers used the Ethereum blockchain like a secret message board.

Two fake “coding tools”: colortoolsv2 and mimelib2, read that message and then downloaded malware. Stars/repos were faked to look legit.

Simple rule: don’t install random crypto tools, verify the… pic.twitter.com/6OlBefptUF

— Andres Meneses (@andreswifitv) September 4, 2025

Hackers Use Ethereum Smart Contracts To Conceal Malware In Code Libraries

Hackers are now using Ethereum smart contracts to conceal malware delivered through packages on the NPM repository, according to cybersecurity research by blockchain compliance firm ReversingLabs (RL).


In a September 3 blog post detailing the discovery, researcher Lucija Valentić revealed that threat actors bypass security scans using new open-source malware published to the Node Package Manager (NPM) package repository, which hosts a large collection of JavaScript packages and libraries.

The most destructive packages discovered were “colortoolsv2” and “mimelib2”, both published in July, which were found to abuse smart contracts to conceal malicious commands that install downloader malware on infected systems.


How Ethereum Smart Contracts Turn Into Malware Command Centers

These packages are part of a broader set of malicious open-source libraries affecting both NPM and GitHub, where supply chain attackers use advanced social engineering and deception tactics to trick developers into incorporating harmful code into their projects.

According to ReversingLabs, 2025 has witnessed a diverse range of malicious campaigns targeting NPM, the leading online repository for JavaScript packages.

In March, RL documented the discovery of NPM packages ethers-provider2 and ethers-providerz.


Since discovering the ethers campaign, researchers have detected numerous additional infostealers, downloaders, and droppers found on NPM.

At the beginning of July, RL researcher Karlo Zanki discovered and reported a new NPM campaign involving a basic package that used the blockchain in a novel way to deliver a malicious second stage.

⚠️🧵RL threat researchers detected a malicious #npm package abusing #blockchain for malicious command hosting: https://t.co/Hc0QjaH3So pic.twitter.com/uQ3xXAIEkZ

— ReversingLabs (@ReversingLabs) July 11, 2025

The package in question is colortoolsv2, which uses Ethereum smart contracts in this way.

According to RL researchers, the malware is a basic NPM package containing just two files.

The main file is a script named index.js, which contains a hidden malicious payload.

Once installed in a project, the script would run to fetch blockchain data and execute a harmful command by loading the URL for a command and control (C2) server that would then download second-stage malware to the requesting system.

Although “downloader” malware is a common method hackers use in NPM repositories to target victims, this specific malware is unusual as it uses Ethereum smart contracts to host the URLs where malicious commands are located for downloading the second-stage malware.

It gets even more fancy: the way Etherscan was tricked showing the wrong implementation contract is based on setting 2 different proxy slots in the same frontrunning tx. So Etherscan uses a certain heuristic that incorporates different storage slots to retrieve the implementation… https://t.co/8VSCKK7DfY pic.twitter.com/OyxcxZwg5N

— sudo rm -rf –no-preserve-root / (@pcaversaccio) July 10, 2025

Notably, the cybersecurity researchers acknowledge that they haven’t encountered this approach previously.
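An added example, not code from the article or from ReversingLabs: a heuristic triage of a package's source files that flags any file combining blockchain reads with command execution, the pairing described above for index.js. The indicator patterns, function names and sample package are assumptions constructed for illustration.

```javascript
// Added example: static triage of npm package sources (heuristic only).
// Indicator lists are assumptions for illustration, not ReversingLabs' rules.
const CHAIN_ACCESS = [
  /['"](?:ethers|web3)['"]/,   // blockchain client library imported
  /\bJsonRpcProvider\b/,       // ethers RPC provider class
  /\beth_call\b/,              // raw JSON-RPC read of contract state
];
const EXECUTION = [
  /['"](?:node:)?child_process['"]/, // ability to spawn OS commands
  /\beval\s*\(/,
  /\bnew\s+Function\s*\(/,
];
const CONTRACT_ADDRESS = /\b0x[0-9a-fA-F]{40}\b/g;

// Return the source text of every pattern that matches src.
const hits = (patterns, src) =>
  patterns.filter((p) => p.test(src)).map((p) => p.source);

// files: { "relative/path.js": "<source text>" }
function scanPackage(files) {
  const findings = [];
  for (const [path, src] of Object.entries(files)) {
    const chain = hits(CHAIN_ACCESS, src);
    const exec = hits(EXECUTION, src);
    const addresses = [...new Set(src.match(CONTRACT_ADDRESS) || [])];
    if (chain.length === 0 && addresses.length === 0) continue;
    findings.push({
      path,
      // Reading chain data is normal for web3 code; pairing it with command
      // execution in the same file is what warrants manual review.
      severity: exec.length > 0 ? "high" : "info",
      chain, exec, addresses,
    });
  }
  return findings;
}

// Constructed sample package; all names and the zero address are placeholders.
const SAMPLE = {
  "index.js": [
    "const { ethers } = require('ethers');",
    "const { exec } = require('child_process');",
    "const c = new ethers.Contract('0x" + "0".repeat(40) + "', ABI, provider);",
    "exec(cmd);",
  ].join("\n"),
  "lib/balance.js": "import { JsonRpcProvider } from 'ethers';",
  "scripts/build.js": "require('child_process').execSync('tsc');",
};

console.log(JSON.stringify(scanPackage(SAMPLE), null, 2));
```

A "high" finding is a prompt for manual review, not a verdict: legitimate tooling can match, and obfuscated code can evade string patterns.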

Two-File Malware Hides a $2.5M Bridge Exploit Method

The researchers uncovered a Solana trading bot called solana-trading-bot-v2 that was infected by the malicious colortoolsv2 package and that appears to the average observer to be a trustworthy GitHub project.


It has thousands of commits, several active contributors, and a decent number of stars and watchers, all characteristics of legitimate open-source repositories.

However, all these details were fabricated, and any developer who installs it risks having user wallets that interact with the bot drained of funds.

Software supply chain attacks targeting smart contracts and blockchain infrastructure are now on the rise.

In July, hackers exploited a vulnerability in Arcadia Finance’s Rebalancer contract, draining approximately $2.5 million in cryptocurrency from the decentralized finance platform operating on Base blockchain.

The attackers manipulated arbitrary swapData parameters to execute unauthorized swaps that emptied user vaults.

A recent report by blockchain analytics firm Global Ledger revealed that hackers have now stolen $3 billion worth of crypto in 119 separate incidents during the first half of 2025, which is 150% more than all of 2024.

[Figure. Source: Global Ledger]

Slava Demchuk, CEO of analytics firm AMLBot, said access-control flaws and smart contract vulnerabilities, especially in bridges, continue to be dominant attack methods.

Demchuk revealed that these hackers are exploiting the interconnected and composable nature of decentralized finance (DeFi) protocols to amplify the impact.

Blockchain auditors advised that it is critical for developers to assess each library they are considering implementing before deciding to include it in their development cycle.
