Malicious Pull Request Inserted Into Ethereum Code Extension: Research

Summary

A hacker inserted malicious code into a pull request for ETHcode, an open-source tool for Ethereum developers. The malicious code was hidden in an update containing 43 commits and 4,000 lines, primarily focused on adding a new testing framework. The update was submitted by a user with no prior history and passed checks by GitHub’s AI reviewer and the ETHcode development group, 7finney. The first line of malicious code was disguised to resemble an existing file, while the second activated a PowerShell script intended to steal crypto assets or compromise Ethereum contracts. ReversingLabs is investigating the script's function but has found no evidence of theft. ETHcode has 6,000 installs, raising concerns about potential widespread exposure. Experts warn that such exploits are common in the crypto space because of its reliance on open-source development. Recommendations for developers include verifying contributor identities, reviewing dependencies, and using security tools to mitigate risks.