Hackers Exploit Ethereum Smart Contracts to Launch Hidden Malware
Cybercriminals use blockchain to bypass traditional security scans in alarming new attack

Hackers have discovered a new way to hide malware inside Ethereum smart contracts, raising major concerns over how cybercriminals are evolving to bypass security defenses. According to cybersecurity researchers at ReversingLabs, attackers are embedding malicious commands within smart contracts to avoid detection, allowing them to deploy harmful software through open-source code repositories.
The discovery came after researchers identified two malicious packages, “colortoolsv2” and “mimelib2,” uploaded to the Node Package Manager (NPM) repository in July. Instead of directly linking to malicious servers, the packages acted as simple downloaders, querying the Ethereum blockchain to retrieve hidden server addresses. These servers then delivered second-stage malware onto compromised systems. By disguising traffic as legitimate blockchain queries, the attackers made it far harder for security tools to detect their activity.
While hackers have used Ethereum smart contracts for malicious purposes before, this new technique stands out because the contracts were used specifically to host and conceal download links for second-stage malware. ReversingLabs researcher Lucija Valentić said this represents a “fast evolution of detection evasion strategies,” making it increasingly difficult for developers and security teams to spot threats.
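A defender-side sketch of how the pattern described above (read an address from the chain, download from it, run the result) can be triaged statically in npm package sources. This is an added example, not code from ReversingLabs or from the packages themselves; the signal names, regexes and sample inputs are assumptions constructed for illustration.

```javascript
// Added example: static triage heuristic for npm package sources.
// Regexes and names are illustrative assumptions, not a vendor's detection rules.
const SIGNALS = {
  // Reads from Ethereum: common libraries, raw JSON-RPC method, contract handle.
  chainRead: [
    /require\(\s*['"](ethers|web3)['"]\s*\)/,
    /from\s+['"](ethers|web3)['"]/,
    /\beth_call\b/,
    /new\s+(ethers\.)?Contract\s*\(/,
  ],
  // Pulls content from a remote host.
  fetchRemote: [/\bfetch\s*\(/, /\bhttps?\.(get|request)\s*\(/, /\baxios\b/],
  // Runs a command or dynamically evaluates code.
  execute: [
    /require\(\s*['"](node:)?child_process['"]\s*\)/,
    /\b(exec|execSync|execFile|spawn)\s*\(/,
    /\beval\s*\(|new\s+Function\s*\(/,
  ],
};

function scanSource(src) {
  const hits = {};
  for (const [name, patterns] of Object.entries(SIGNALS)) {
    hits[name] = patterns.some((re) => re.test(src));
  }
  // A chain read alone is normal for crypto tooling. All three together match
  // the chain: read address -> download -> execute.
  const suspicious = hits.chainRead && hits.fetchRemote && hits.execute;
  return { hits, suspicious };
}

function scanPackage(files) {
  // files maps path -> source text. Signals can be split across files, so the
  // verdict is taken over the package as a whole.
  const perFile = Object.entries(files).map(([path, src]) => ({ path, ...scanSource(src) }));
  return { perFile, suspicious: scanSource(Object.values(files).join("\n")).suspicious };
}

// Constructed inputs (not taken from the real packages).
const SAMPLE_WALLET_LIB = {
  "index.js": 'const { ethers } = require("ethers");\nexports.bal = (p, a) => p.getBalance(a);',
};
const SAMPLE_DOWNLOADER_SHAPE = {
  "index.js": 'const { ethers } = require("ethers");\nconst c = new ethers.Contract(ADDR, ABI, p);',
  "lib/run.js": 'const cp = require("child_process");\nfetch(url).then(() => cp.exec(cmd));',
};

console.log(scanPackage(SAMPLE_WALLET_LIB).suspicious, scanPackage(SAMPLE_DOWNLOADER_SHAPE).suspicious);
```

A hit is a prompt for manual review, not a verdict: legitimate tooling can combine all three signals, and obfuscated code can hide them from simple pattern matching.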
The malware campaign was part of a broader social engineering effort that relied on fake cryptocurrency trading bot repositories on GitHub. These repositories appeared trustworthy with fabricated commits, fake user activity, multiple maintainers, and professional-looking documentation, all designed to lure unsuspecting developers.
In 2024 alone, researchers have tracked more than 20 crypto-related malware campaigns across open-source platforms. Recent attacks have also targeted Solana trading bots and the Bitcoinlib Python library. The rise of blockchain-powered malware highlights a dangerous trend where hackers combine social engineering with decentralized technologies to stay one step ahead of security protections.