Skip to content

Ethereum Developers May Face Risks from Malicious Code Found in ETHcode Open Source Update

2025-07-11 10:44:36

Ethereum Developers May Face Risks from Malicious Code Found in ETHcode Open Source Update

Main Idea

Malicious code was discovered in an ETHcode update, posing security risks to Ethereum developers and highlighting vulnerabilities in open-source crypto projects.

Key Points

1. A GitHub pull request by an unknown user (Airez299) introduced malicious code into ETHcode, masked by a new testing framework.

2. The malicious code could potentially compromise Ethereum contracts under development, though no exploits have been reported yet.

3. ETHcode has approximately 6,000 installations, and its automatic update mechanism increases the risk of widespread impact.

4. Open-source vulnerabilities in crypto projects are a growing concern, with past incidents like the Ledger Connect Kit breach and Solana’s web3.js library malware.

5. ReversingLabs recommends developers adopt rigorous security practices, including sandboxing and strict protocols, to mitigate risks.

Description

Cybersecurity researchers have uncovered malicious code embedded in a recent update to ETHcode, a widely used open source toolset for Ethereum developers. The hidden code was inserted via a GitHub

>> go to origin page
Tags:
News ETH