
Hackers Use Ethereum Smart Contracts to Mask Malware in NPM Packages

Key Takeaways

  • Hackers hid malware locations in Ethereum smart contracts to bypass scans and avoid detection in NPM packages;
  • Two fake JavaScript tools, "colortoolsv2" and "mimelib2", pulled malware links from the blockchain after installation;
  • The campaign also used a fake GitHub crypto bot project with fake activity to lure developers into installing the malware.


Hackers have discovered a new method for spreading malicious software by using Ethereum smart contracts to conceal crucial aspects of their attacks.

According to a blog post by Lucija Valentić at ReversingLabs, two suspicious software packages were found on the Node Package Manager (NPM), a platform used to share JavaScript code.

These packages, named "colortoolsv2" and "mimelib2", were uploaded in July and designed to look like regular tools.


The packages acted like simple downloaders. When someone installed one, it would reach out to the Ethereum blockchain and fetch data from a smart contract. That data contained the location of a second piece of malware, which would then be downloaded and installed.

This made it hard for security systems to flag the packages as harmful, since they did not include any direct links to malicious websites or files.

Valentić explained that while Ethereum contracts have been misused before, this setup was different. In this case, the smart contract did not hold the malware itself, but held the location where it could be found.
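Because no malicious URL appears in the package, a reviewer has to look at behavior instead of strings. The following is an added example, not code from ReversingLabs or from the packages themselves: a static triage check that flags a package only when it combines reading blockchain state, downloading, and executing. The indicator patterns and the sample inputs are assumptions constructed for this illustration.

```javascript
// Heuristic indicator groups (patterns are assumptions chosen for this example).
const INDICATORS = {
  chainRead: [
    /require\(\s*['"](ethers|web3|viem)['"]\s*\)/,
    /from\s+['"](ethers|web3|viem)['"]/,
    /\beth_call\b/,
    /\bJsonRpcProvider\b/,
  ],
  download: [
    /require\(\s*['"](https?|axios|node-fetch)['"]\s*\)/,
    /\bfetch\s*\(/,
  ],
  execute: [
    /require\(\s*['"](node:)?child_process['"]\s*\)/,
    /\b(execSync|execFile|spawnSync)\s*\(/,
  ],
};

// files: { relativePath: sourceText }. Returns per-group hits and a verdict.
function scanPackage(files) {
  const hits = { chainRead: [], download: [], execute: [] };
  for (const [path, source] of Object.entries(files)) {
    source.split('\n').forEach((line, i) => {
      for (const [group, patterns] of Object.entries(INDICATORS)) {
        if (patterns.some((re) => re.test(line))) {
          hits[group].push(`${path}:${i + 1}`);
        }
      }
    });
  }
  // Each capability alone is common in benign code; the combination of reading
  // chain state, downloading, and executing inside one package is what to triage.
  const suspicious = Object.values(hits).every((list) => list.length > 0);
  return { hits, suspicious };
}

// Constructed sample inputs (not taken from the real packages).
const SAMPLE_FLAGGED = {
  'index.js': "const { ethers } = require('ethers');\nconst p = new ethers.JsonRpcProvider(RPC_URL);",
  'lib/util.js': "const https = require('https');\nconst { exec } = require('child_process');",
};
const SAMPLE_BENIGN = {
  'index.js': "const { ethers } = require('ethers');\nmodule.exports = (wei) => ethers.formatEther(wei);",
};

console.log(scanPackage(SAMPLE_FLAGGED));
console.log(scanPackage(SAMPLE_BENIGN));
```

A hit is a prompt for manual review, not a verdict: the check scans the whole package rather than single files because the three capabilities can be split across modules.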

The campaign was not limited to NPM. It also involved a fake open-source project hosted on GitHub. Hackers created a fake cryptocurrency trading bot, complete with fake updates, detailed documentation, and several user accounts to make the project seem active and trustworthy.


Aaron S. Editor-In-Chief