“ReversingLabs cybersecurity experts have found a malicious pull request in the repository of Ethcode, an open-source set of tools for creating and deploying EVM-compatible smart contracts. On June 17, it was submitted by a user with no prior history under the nickname Airez299. The code was checked by GitHub's AI and reviewed by 7finney, the team behind Ethcode, without raising suspicion. The malicious code consisted of two lines hidden in […]”, writes Businessua.com.ua

ReversingLabs cybersecurity experts found a malicious pull request in the repository of Ethcode, an open-source set of tools for creating and deploying EVM-compatible smart contracts.
On June 17, it was submitted by a user with no prior history under the nickname Airez299. The code was checked by GitHub's AI and reviewed by 7finney, the team behind Ethcode, without raising suspicion.
The malicious code consisted of two lines hidden in an update to a test framework that spanned 43 commits. These lines, disguised as legitimate libraries, were meant to trigger the download and execution of a malicious script from a third-party repository.
According to ReversingLabs experts, the script could have been intended to steal crypto assets or tamper with contracts developed by Ethcode users. However, there is no evidence that the code was actually used in an attack.
Ethcode has been installed more than 6,000 times, so a potentially malicious update could have spread to thousands of machines.
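A review aid for the situation described above, where two lines naming an unfamiliar library sat inside a large update: this added example (not Ethcode's or ReversingLabs' code) lists every module name that a unified diff introduces and that is not already a known dependency. It assumes a Node.js-style project with a `package.json`; the function names and the sample diff, including the package name `example-helper-utils`, are constructed for illustration.

```javascript
// Added example, not Ethcode or ReversingLabs code. Lists third-party module
// names that a unified diff introduces and that are not on the known list.
const IMPORT_RE = /(?:\b(?:require|import)\s*\(?\s*|\bfrom\s+)['"]([^'"]+)['"]/;
// In package.json any added "key": "value" line counts (script entries too).
const PKG_ENTRY_RE = /^\s*"([^"]+)"\s*:\s*"[^"]*"\s*,?\s*$/;

// Reduce "pkg/sub/path" or "@scope/pkg/sub" to the installable package name.
function packageName(spec) {
  const parts = spec.split("/");
  return spec.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

function findNewModules(diffText, knownDeps) {
  const known = new Set(knownDeps);
  const findings = [];
  let file = null, newLine = 0;
  for (const raw of diffText.split("\n")) {
    if (raw.startsWith("+++ ")) { file = raw.slice(4).replace(/^b\//, ""); continue; }
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)/.exec(raw);
    if (hunk) { newLine = Number(hunk[1]); continue; }
    if (raw.startsWith("-") || raw.startsWith("\\")) continue; // not in new file
    if (raw.startsWith("+") && file) {
      const re = file.endsWith("package.json") ? PKG_ENTRY_RE : IMPORT_RE;
      const m = re.exec(raw.slice(1));
      // Specifiers starting with "." or "/" are project files, not packages.
      if (m && !/^[./]/.test(m[1]) && !known.has(packageName(m[1]))) {
        findings.push({ file, line: newLine, module: packageName(m[1]) });
      }
    }
    newLine++; // context and added lines both advance the new-file line number
  }
  return findings;
}

// Constructed sample diff; "example-helper-utils" is a hypothetical package name.
const SAMPLE_DIFF = [
  "--- a/package.json",
  "+++ b/package.json",
  "@@ -10,2 +10,3 @@",
  '     "mocha": "^10.2.0",',
  '+    "example-helper-utils": "^1.0.0",',
  '     "typescript": "^5.4.0"',
  "--- a/src/test/runner.js",
  "+++ b/src/test/runner.js",
  "@@ -1,2 +1,4 @@",
  ' const path = require("path");',
  '+const Mocha = require("mocha");',
  '+const helper = require("example-helper-utils");',
  ' const root = path.join(__dirname, "..");',
].join("\n");
```

Calling `findNewModules(SAMPLE_DIFF, ["mocha", "typescript", "path"])` returns one finding for the `package.json` entry and one for the `require` line, each with the file and new-file line number a reviewer should open.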
Ethereum developer Zak Cole of Number Group, in a comment to Decrypt, noted that such cases are not uncommon in the crypto environment:
“Too much code and not enough eyes. Most people simply think something is safe because it is popular or has existed for a while, but that means nothing.”
According to him, many people install open-source packages without proper verification. As examples, he cited the Ledger Connect Kit compromise in December 2023 and the discovery of malicious code in Solana's web3.js.
Cole notes that the number of potential targets for such attacks is growing as more developers use open-source tools.
“There are whole warehouses of North Korean hackers who are looking for such attack vectors around the clock,” he added.
As a reminder, Venn Network experts discovered a critical vulnerability in “thousands of smart contracts” and prevented the theft of more than $10 million in cryptocurrency.