Tech

Malicious Pull Request Inserted Into Ethereum Code Extension: Research

Roman Hasley
Roman Hasley
Malicious Pull Request Inserted Into Ethereum Code Extension: Research

In brief

  • A hacker compromised the ETHCode toolkit update with malicious code.
  • Cybersecurity analysis confirms no tokens stolen, but widespread distribution to developers is possible.
  • Industry experts warn against blind trust in open source tooling.

Hacker Buries Malicious Code in Ethereum Development Toolkit

A sophisticated attack has compromised the update for commonly used open-source Ethereum toolkit ETHCode. Researchers at ReversingLabs discovered two malicious lines of code inserted into a legitimate update.

Contents
In briefHacker Buries Malicious Code in Ethereum Development ToolkitChipping Away at Open Source Security

The compromised code, contained within a 4,000-line update request adding testing capabilities, was contributed by a previously unknown GitHub user named “Airez299”. Despite scrutiny by ReversingLabs and the creators of ETHCode, the malicious lines were approved for inclusion.

The first malicious line attempted to conceal its presence by mimicking a pre-existing file structure. The second line acts as an activator. ReversingLabs analysis indicates the code ultimately aims to create an automated function, likely a PowerShell script, downloading and executing malware from a public file-hosting service.

While ReversingLabs investigation suggests the malware’s purpose may involve crypto theft or contract tampering, there is currently no confirmed evidence it has been executed successfully. However, ETHCode’s popularity means such a vulnerability could potentially affect thousands of developer systems following an automatic update.

Chipping Away at Open Source Security

Ethereum developer Zak Cole highlights how this incident exemplifies emerging security challenges in the crypto ecosystem. “There’s too much code and not enough eyes on it,” Cole states, adding that greater toolchain standardization is increasing the attack surface. Many developers casually add open-source packages without proper security reviews.

This incident follows several high-profile examples including a Solana web3.js exploit from last year and a Ledger breach earlier focusing on Connect Kit exploits.

Despite these risks, ReversingLabs researcher Petar Kirhmajer notes successful attempts are rare. Nevertheless, security researchers universally recommend vigilant practices:

  1. Verify contributor identities and histories
  2. Thoroughly review code changes, especially new packages
  3. Regularly scan dependency trees
  4. Leverage security scanning tools
  5. Maintain strict separation between development and wallet execution environments

Proactive security measures become increasingly vital as automated dependency management simplifies development processes, experts warn.

The Protocol: Vitalik Buterin’s Latest Proposal – Transaction Gas Cap
Symbiotic Launches ‘Relay’ to Bring Secure Staking Across Chains
Polyhedra Blames Liquidity Attacks for Sudden 80% Price Drop in ZKJ, Promises Buyback
Crypto Exchange Bullish Teams Up With Solana for Institutional Stablecoin Push
BNB Smart Chain block times fall to 0.8 secs amid Maxwell upgrade
Share This Article
Previous Article Why Is Bitcoin Holding Steady as XRP, Solana, Dogecoin Waver? Why Is Bitcoin Holding Steady as XRP, Solana, Dogecoin Waver?
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image
Popular News

You Might Also Like