By using this site, you agree to the Privacy Policy and Terms of Use.
Accept

BTCRepublic: Timely News & Analysis for Smarter Trading.

  • ABOUT
  • DISCLAIMER
  • CONTACT
New Logo Black BTCRepublic BTCRebpublic-New White Logo
  • Guides
    • Bitcoin
    • Ethereum
    • Altcoins
    • Blockchain
    • DeFi
    • Mining
    • NFTs
    • Wallets
  • News
    • Bitcoin News
    • Ethereum News
    • Altcoins News
    • NFT News
    • Memecoin News
    • Blockchain News
    • Stablecoins News
    • DeFi News
  • Reviews
    • Exchanges
    • Wallets
    • Casinos
    • Services
  • Price Predictions
    Price PredictionsShow More
    Solana (SOL) Price Faces Correction, But Bulls Eye $205
    Solana (SOL) Price Faces Correction, But Bulls Eye $205
    October 14, 2025
    Ethereum Price Prediction 2024, 2025
    Ethereum Price Prediction 2024, 2025: What to Expect for ETH by 2030
    October 18, 2025
    Bitcoin Price Rises To $78k
    Bitcoin Hits $65K as China Unveils Stimulus (September 2024)
    October 16, 2025
    Ethereum (ETH) Surged 15%
    Ethereum (ETH) Surged 15% In 7 Days Despite Whale Selloff
    October 14, 2025
    Worldcoin (WLD) Price Surged 16% As OpenAI Drops New AI Model
    Worldcoin (WLD) Price Surged 16% As OpenAI Drops New AI Models
    October 14, 2025
  • About US
  • Privacy Policy
  • Editorial Policy
  • Terms of Service
  • Disclaimer
  • Contact Us
  • Sitemap
Reading: Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries
Share
  • bitcoinBitcoin(BTC)$108,236.55
  • ethereumEthereum(ETH)$3,851.66
  • tetherTether(USDT)$1.00
  • binancecoinBNB(BNB)$1,065.93
  • rippleXRP(XRP)$2.39
  • solanaSolana(SOL)$184.33
  • usd-coinUSDC(USDC)$1.00
  • staked-etherLido Staked Ether(STETH)$3,848.35
  • dogecoinDogecoin(DOGE)$0.191261
  • tronTRON(TRX)$0.324624
Font ResizerAa
BTCRepublicBTCRepublic
  • Guides
  • News
  • Reviews
  • Price Predictions
Search
  • Guides
    • Bitcoin
    • Ethereum
    • Altcoins
    • Blockchain
    • DeFi
    • Mining
    • NFTs
    • Wallets
  • News
    • Bitcoin News
    • Ethereum News
    • Altcoins News
    • NFT News
    • Memecoin News
    • Blockchain News
    • Stablecoins News
    • DeFi News
  • Reviews
    • Exchanges
    • Wallets
    • Casinos
    • Services
  • Price Predictions
Follow US
  • About US
  • Privacy Policy
  • Editorial Policy
  • Terms of Service
  • Disclaimer
  • Contact Us
  • Sitemap
© 2025 All Rights Reserved by BTCRepublic.

Home - Ethereum News - Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries

Ethereum NewsNews

Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries

Oladapo Timothy
Last updated: October 14, 2025 8:00 am
Oladapo Timothy
Published: October 14, 2025
Share
Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries
SHARE

Hackers exploit Ethereum smart contracts to inject malware into popular NPM coding libraries including “colortoolsv2” and “mimelib2” packages that conceal malicious commands.

ALERT: Hackers used the Ethereum blockchain like a secret message board.

Two fake “coding tools”: colortoolsv2 and mimelib2, read that message and then downloaded malware. Stars/repos were faked to look legit.

Simple rule: don’t install random crypto tools, verify the… pic.twitter.com/6OlBefptUF

— Andres Meneses (@andreswifitv) September 4, 2025

Hackers Use Ethereum Smart Contracts To Conceal Malware In Code Libraries

Hackers are now exploiting vulnerabilities in widely-used NPM coding libraries to inject malware into Ethereum smart contracts, according to cybersecurity research by blockchain compliance firm Reversing Labs (RL).

btcrepublic advertise

In a September 3 blog post detailing the discovery, researcher Lucija Valentić revealed that threat actors bypass security scans by exploiting new open-source malware present in the Node Package Manager (NPM) package repository, which contains extensive JavaScript packages and libraries.

The most destructive malware discovered was “colortoolsv2” and “mimelib2“, both published in July, which were found to abuse smart contracts to conceal malicious commands that install downloader malware on infected systems.

Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries

How Ethereum Smart Contracts Turn Into Malware Command Centers

These packages are part of broader open-source libraries affecting both NPM and GitHub, where malicious supply chain actors use advanced social engineering and deception tactics to trick developers into incorporating harmful code into their projects.

According to ReversingLabs, 2025 has witnessed a diverse range of malicious campaigns targeting NPM, the leading online repository for JavaScript packages.

In March, RL documented the discovery of NPM packages ethers-provider2 and ethers-providerz.

btcrepublic advertise 2

Since discovering the ethers campaign, researchers have detected numerous additional infostealers, downloaders, and droppers found on NPM.

At the beginning of July, RL researcher Karlo Zanki discovered and reported a new NPM campaign involving a basic package that deployed blockchain in a novel way to deliver a malicious second stage.

⚠️🧵RL threat researchers detected a malicious #npm package abusing #blockchain for malicious command hosting: https://t.co/Hc0QjaH3So pic.twitter.com/uQ3xXAIEkZ

— ReversingLabs (@ReversingLabs) July 11, 2025

The exact package colortoolsv2 is being used to infiltrate Ethereum smart contracts.

According to RL researchers, the malware is a basic NPM package containing just two files.

The major file is a script named index.js, which contains a hidden malicious payload.

Once installed in a project, the script would run to fetch blockchain data and execute a harmful command by loading the URL for a command and control (C2) server that would then download second-stage malware to the requesting system.

Although “downloader” malware is a common method hackers use in NPM repositories to target victims, this specific malware is unusual as it uses Ethereum smart contracts to host the URLs where malicious commands are located for downloading the second-stage malware.

It gets even more fancy: the way Etherscan was tricked showing the wrong implementation contract is based on setting 2 different proxy slots in the same frontrunning tx. So Etherscan uses a certain heuristic that incorporates different storage slots to retrieve the implementation… https://t.co/8VSCKK7DfY pic.twitter.com/OyxcxZwg5N

— sudo rm -rf –no-preserve-root / (@pcaversaccio) July 10, 2025

Notably, the cybersecurity researchers acknowledge that they haven’t encountered this approach previously.

Two-File Malware Hides a $2.5M Bridge Exploit Method

The researchers uncovered a Solana-trading-bot infected by the malicious colortoolsv2 package called solana-trading-bot-v2, which appears to be a trustworthy GitHub project to the average observer.

Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries

It has thousands of commits, several active contributors, and a decent number of stars and watchers, all characteristics of legitimate open-source repositories.

However, all these details were fabricated, and any developer who installs it risks having user wallets that interact with the bot drained of funds.

Software supply chain attacks targeting smart contracts and blockchain infrastructure are now on the rise.

In July, hackers exploited a vulnerability in Arcadia Finance’s Rebalancer contract, draining approximately $2.5 million in cryptocurrency from the decentralized finance platform operating on Base blockchain.

The attackers manipulated arbitrary swapData parameters to execute unauthorized swaps that emptied user vaults.

A recent report by blockchain analytics firm Global Ledger revealed that hackers have now stolen $3 billion worth of crypto in 119 separate incidents during the first half of 2025, which is 150% more than all of 2024.

Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries
Source: Global Ledger

Slava Demchuk, CEO of analytics firm AMLBot, said access-control flaws and smart contract vulnerabilities, especially in bridges, continue to be dominant attack methods.

Demchuk revealed that these hackers are exploiting the interconnected and composable nature of decentralized finance (DeFi) protocols to amplify the impact.

Blockchain auditors advised that it is critical for developers to assess each library they are considering implementing before deciding to include it in their development cycle.

US SEC Authorizes the First Leveraged MicroStrategy ETF
Russia’s Bitcoin Mining Surge: 54,000 BTC in 2023!
Trump-Linked WLFI Project Moves Toward Aggressive Token Burn
Ether Lost Forever Hits $3.4B Due To User Error, Coinbase Exec Warns
Extreme Fear Grips Market as Bitcoin RSI Hits Bearish Low
TAGGED:Coding LibrariesEthereumHackersMalware

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
Subscription Form
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Email Print
ByOladapo Timothy
Follow:
An expert, trader and writer with extensive experience of digital assets, covering everything related to the burgeoning crypto industry — from price analysis to Blockchain disruption. I have authored more than 2,000 stories for crypto and fintech media outlets. I am particularly interested in regulatory trends around the globe that are shaping the future of digital assets.
Previous Article Ripple Expands RLUSD Into Africa Targeting Institutional Rails Ripple Expands RLUSD Into Africa Targeting Institutional Rails
Next Article Cardano (ADA) Gains Momentum as ETF Approval Odds Jump Cardano (ADA) Gains Momentum As ETF Approval Odds Jump
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Subscribe to Our Newsletter
Subscribe to our newsletter to get our newest articles instantly!
Subscription Form
Binance and Israeli Forces Allegedly Seize Palestine Crypto
Binance and Israeli Forces Allegedly Seize Palestine Crypto
News
Worldcoin (WLD) Price Surged 16% As OpenAI Drops New AI Model
Worldcoin (WLD) Price Surged 16% As OpenAI Drops New AI Models
Price Predictions
How To Buy Ripple (XRP) - A Step-by-Step Guide For Beginners
How To Buy Ripple (XRP) 2024 – A Clean Guide For Beginners
Altcoins
Indian High Court Orders Take Down of Mudrex Impersonation Scammers
Indian High Court Orders Take Down of Mudrex Impersonation Scammers
News

Follow Us on Socials

BTCRepublic use social media to react to hot news, update supporters and share authentic and factful information

Facebook Twitter Linkedin Telegram Pinterest
New Logo Black BR


BTCRepublic is the go-to source for comprehensive news coverage on blockchain technology, cryptocurrencies, non-fungible tokens, and Web3 gaming. Our content ranges from market trends to in-depth price analysis, fresh developments, interviews, and beginner guides.

Subscribe to our newsletter

Stay ahead of the curve with the BTCRepublic newsletter. By subscribing, you will get information about what is happening in the Web3 world straight to your inbox.

Subscription Form (#3)

More

  • About US
  • Privacy Policy
  • Editorial Policy
  • Terms of Service
  • Disclaimer
  • Contact Us
  • Sitemap
Reading: Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries
Share
© 2025 All Rights Reserved by BTCRepublic