Close Menu
  • Latest News
    • Bitcoin
    • Ethereum
    • Altcoins
    • Meme Coins
  • DeFi
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Web3 News
    • Gaming
  • Legal
    • Taxes & Regulation
    • Adoption
  • Analysis
  • Learn
    • Education
    • Wallets and Exchanges
  • Tools
    • Market Overview
    • Converter
What's Hot

SpoonOS and DBOS partner to support durable AI agent applications

July 7, 2025

Following the Major Tax Law in the US, a Major Cryptocurrency Tax Bill Has Now Been Proposed

July 7, 2025

SYRUP hits $2.58B TVL milestone – But here’s what’s stopping the rally

July 7, 2025
Facebook X (Twitter) Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • Disclosure
Facebook X (Twitter) Instagram
Buy Crypto NewsBuy Crypto News
  • Latest News
    1. Bitcoin
    2. Ethereum
    3. Altcoins
    4. Meme Coins
    5. View All

    BlackRock’s Bitcoin Exchange-Traded Fund (IBIT) Just Two Spots Away From Being Firm’s Top Revenue-Generating ETF: Bloomberg Analyst

    July 7, 2025

    Bitcoin’s ‘Mempool’ Nearly Empty as Prices Trade Near Lifetime Highs. What Next?

    July 6, 2025

    Bitcoin Treasury Companies Are Bubbles

    July 6, 2025

    Billionaire Bitcoin Whales Waking Up; More Than 80,000 BTC Moved—Should You be Worried?

    July 6, 2025

    Analyst Says Don’t Trade Until This Happens

    July 7, 2025

    Inside Ethereum’s hidden liquidity imbalance that can break its economic model

    July 6, 2025

    Ethereum Wyckoff Accumulation Hints At Explosive Q3 – $4K Level In Sight

    July 6, 2025

    Ethereum hits $2.6k – With 6M ETH staked, what’s next for price action?

    July 6, 2025

    SYRUP hits $2.58B TVL milestone – But here’s what’s stopping the rally

    July 7, 2025

    Ethereum Ready For Explosive Breakout, Analyst Says $5,791 Is The Minimum Target

    July 7, 2025

    Toncoin explodes 12% in 2 hours on the back of UAE’s Golden Visa rules

    July 6, 2025

    Bitcoin Price Could Test $99K Before a Year-End Surge, Says Market Expert

    July 6, 2025

    Pepe, BMT, CAKE: Crypto Activity Heats Up

    March 18, 2025

    SHIB Burns Over Half a Billion Tokens, Price Surges Over 7%

    March 17, 2025

    DOGE Sees Massive User Growth: Active Addresses Up 400%

    March 15, 2025

    Shiba Inu (SHIB) Price Analysis: Bullish Hints, Bearish Trend

    March 15, 2025

    SpoonOS and DBOS partner to support durable AI agent applications

    July 7, 2025

    Following the Major Tax Law in the US, a Major Cryptocurrency Tax Bill Has Now Been Proposed

    July 7, 2025

    SYRUP hits $2.58B TVL milestone – But here’s what’s stopping the rally

    July 7, 2025

    TON offers UAE golden visa for stakers, making residency by crypto a reality

    July 7, 2025
  • DeFi

    $2.4B lost in 2025 H1 crypto hacks — exchanges and DeFi hit hardest: report

    July 7, 2025

    AAVE price steady as whales buy, exchange supply plunges

    July 6, 2025

    Over $1b flows into spot Bitcoin ETFs as macro sentiment improves

    July 6, 2025

    SOL gets fresh institutional push as Nasdaq-listed firm expands treasury with $2.7m

    July 6, 2025

    DeFi Is outpacing Bitcoin’s maximalist mindset

    July 6, 2025
  • Tech
    1. Blockchain
    2. Security and Privacy
    3. View All

    SpoonOS and DBOS partner to support durable AI agent applications

    July 7, 2025

    North Korean Hackers Unleash New Apple Malware in Imminent Crypto Threat—Here’s How

    July 7, 2025

    BoE Governor Warns Stablecoin Boom Could Undermine Monetary Trust – Central Banks on Alert

    July 6, 2025

    Why Is Robinhood Building on Arbitrum Instead of Solana?

    July 6, 2025

    North Korean Hackers Target Crypto Firms with Novel macOS Malware

    July 3, 2025

    Crypto firms paid $2.7M monthly to North Korean workers

    July 3, 2025

    International Taskforce Dismantles €460m Crypto Fraud Network

    July 1, 2025

    Bybit and North Korean hackers headline $2.1 billion crypto hacks in H1

    June 27, 2025

    SpoonOS and DBOS partner to support durable AI agent applications

    July 7, 2025

    Following the Major Tax Law in the US, a Major Cryptocurrency Tax Bill Has Now Been Proposed

    July 7, 2025

    SYRUP hits $2.58B TVL milestone – But here’s what’s stopping the rally

    July 7, 2025

    TON offers UAE golden visa for stakers, making residency by crypto a reality

    July 7, 2025
  • Web 3
    1. Web3 News
    2. Gaming
    3. View All

    A New Round of Wealth Storm Is Coming—BTC Miner Equips You to Seize the Next Crypto Boom

    July 7, 2025

    Fraud Detection and Prevention Market to Reach USD 153.91 Billion by 2030, Driven by Real-Time Analytics and AI Integration

    July 6, 2025

    BAY Miner launches cloud mining mobile app to help users easily mine BTC, SOL, DOGE

    July 6, 2025

    Why loyalty is becoming web3 gaming’s next essential layer

    July 6, 2025

    FLOKI Advances Blockchain Gaming Ambitions With Valhalla Mainnet Launch and Esports Partnership

    July 6, 2025

    HeLa Space and Onmi Upgrade AR Gaming Experience with Web3 Adventure

    July 6, 2025

    Neural Expands to Solana with AI Game Creation Tools and Multi-Chain Support

    July 5, 2025

    PlayZap Games Joins Forces with DeFi Cattos to Offer Cutting-Edge Gaming via Aptos

    July 5, 2025

    SpoonOS and DBOS partner to support durable AI agent applications

    July 7, 2025

    Following the Major Tax Law in the US, a Major Cryptocurrency Tax Bill Has Now Been Proposed

    July 7, 2025

    SYRUP hits $2.58B TVL milestone – But here’s what’s stopping the rally

    July 7, 2025

    TON offers UAE golden visa for stakers, making residency by crypto a reality

    July 7, 2025
  • Legal
    1. Taxes & Regulation
    2. Adoption
    3. View All

    Following the Major Tax Law in the US, a Major Cryptocurrency Tax Bill Has Now Been Proposed

    July 7, 2025

    Non-compliant traders face steep fines

    July 7, 2025

    Detroit Sues Crypto Real Estate Platform Over Safety, Health Violations

    July 7, 2025

    IMF warns that Trump’s tax bill will make debt reduction difficult in the medium term

    July 6, 2025

    TON offers UAE golden visa for stakers, making residency by crypto a reality

    July 7, 2025

    Asian consortium led by Metaplanet, Sora Ventures targets Thai market with DV8 acquisition

    July 5, 2025

    Tether and Adecoagro join forces for sustainable Bitcoin mining

    July 5, 2025

    Investor poll shows 73% approval for Trump’s crypto policy, bullish views on prices increase

    July 5, 2025

    SpoonOS and DBOS partner to support durable AI agent applications

    July 7, 2025

    Following the Major Tax Law in the US, a Major Cryptocurrency Tax Bill Has Now Been Proposed

    July 7, 2025

    SYRUP hits $2.58B TVL milestone – But here’s what’s stopping the rally

    July 7, 2025

    TON offers UAE golden visa for stakers, making residency by crypto a reality

    July 7, 2025
  • Analysis

    Analyst Unveils Crypto Catalysts for ‘Jubilant July,’ Says Altcoins Will Likely ‘Cook’ for Next Few Weeks

    July 6, 2025

    Ripple Price Prediction as XRP ETF Approval Odds Near 100%

    July 6, 2025

    Suspicion surrounds mysterious $8.6 billion Bitcoin move

    July 6, 2025

    US Bond Holders Abruptly Sell $10,000,000,000+ in Treasuries and Corporate Debt Amid Fears of US Fiscal Fallout: Report

    July 5, 2025

    Bonk & Pepe Gain Momentum While Dogwifhat Drops—Is Memecoin Season Over or Just Beginning?

    July 5, 2025
  • Learn
    1. Education
    2. Wallets and Exchanges
    3. View All

    What Are Internet Capital Markets? Why Companies Are Launching Meme Coins

    June 16, 2025

    What is a Corporate Bitcoin Treasury? The Strategy Behind Companies Holding Crypto

    May 27, 2025

    What Are Tokenized Real-World Assets? Putting Physical Value On-Chain With RWAs

    May 19, 2025

    Users Taunt Grok After xAI Says Modifications Were Made to Spit out ‘White Genocide’ Claim

    May 16, 2025

    More than 40 fake wallet extensions on browsers detected as malware threat

    July 3, 2025

    Mastercard joins forces with Bitget Wallet to release zero-fee crypto cards

    July 2, 2025

    Supreme Court confirms IRS right to access customer data from crypto exchanges without warrant

    July 2, 2025

    Satoshi Nakamoto address receives $20k from mystery wallet

    July 1, 2025

    SpoonOS and DBOS partner to support durable AI agent applications

    July 7, 2025

    Following the Major Tax Law in the US, a Major Cryptocurrency Tax Bill Has Now Been Proposed

    July 7, 2025

    SYRUP hits $2.58B TVL milestone – But here’s what’s stopping the rally

    July 7, 2025

    TON offers UAE golden visa for stakers, making residency by crypto a reality

    July 7, 2025
  • Tools
    • Market Overview
    • Converter
Buy Crypto NewsBuy Crypto News
Home»Security and Privacy»Supply Chain Attack Targets Key Ethereum Development Tools
Supply Chain Attack Targets Key Ethereum Development Tools
Security and Privacy

Supply Chain Attack Targets Key Ethereum Development Tools

January 7, 2025No Comments3 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

Supply Chain Attack Hits Ethereum Development Ecosystem

A recent supply chain attack has targeted crucial components of the Ethereum development ecosystem, impacting platforms such as the Nomic Foundation and Hardhat. The attackers managed to infiltrate the ecosystem by deploying malicious npm packages, through which they were able to extract sensitive data like private keys, mnemonics, and configuration files.

Attack Details and Modus Operandi

Discovered by Socket, this attack involved the dissemination of 20 malicious npm packages created by three main authors. One of these packages, @nomicsfoundation/sdk-test, was downloaded a staggering 1092 times. This breach has left development environments vulnerable to backdoors, putting them at risk of financial losses and potential compromise of production systems.

The attackers utilized Ethereum smart contracts to govern command-and-control (C2) server addresses, leveraging the decentralized and immutable nature of blockchain technology to complicate efforts to disrupt the infrastructure. Of particular note is a contract that dynamically supplied C2 addresses to infected systems.

The attackers employed an impersonation strategy by mimicking legitimate Hardhat plugins, integrating themselves into the supply chain. For instance, malicious packages like @nomisfoundation/hardhat-configure and @monicfoundation/hardhat-config closely resembled authentic Hardhat plugins, targeting crucial development processes such as deployment, gas optimization, and smart contract testing.

Key similarities between the malicious and legitimate plugins include their use of naming conventions resembling genuine Hardhat plugins, claims of offering useful extensions, and targeting similar development processes. Both types of plugins exploit developers’ trust by being hosted on npm, with malicious plugins specifically exploiting the Hardhat Runtime Environment (HRE) to collect and exfiltrate sensitive data like private keys and mnemonics.

See also  Ethereum Price Struggles at $2,530 Support! Crash to $2,175 or Surge to $3,300?

The attack sequence commences with the installation of compromised packages, which then exploit HRE functions to gather sensitive data. This data is encrypted using a predefined AES key and transmitted to endpoints controlled by the attackers.

Preventive Measures for Developers

To safeguard their development environments, developers are advised to implement stricter auditing and monitoring practices. Measures such as securing privileged access management, adopting a zero-trust architecture, and conducting regular security assessments can significantly mitigate the risk of supply chain attacks.

Furthermore, maintaining a software bill of materials (SBOM) and fortifying the build environment are recommended strategies to bolster security. By incorporating these practices, developers can reduce the likelihood of falling victim to supply chain attacks and enhance the overall security of their software development processes.

By staying vigilant and proactive, developers can better protect their projects and contribute to a more secure ecosystem for Ethereum development.

Attack Chain Development Ethereum key Supply Targets Tools
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Ethereum Ready For Explosive Breakout, Analyst Says $5,791 Is The Minimum Target

July 7, 2025

AAVE price steady as whales buy, exchange supply plunges

July 6, 2025

Ethereum Wyckoff Accumulation Hints At Explosive Q3 – $4K Level In Sight

July 6, 2025

Ethereum hits $2.6k – With 6M ETH staked, what’s next for price action?

July 6, 2025
Add A Comment
Leave A Reply Cancel Reply

Top Posts

Bitcoin Primed To Skyrocket to $120,000, According to Crypto Analyst – But There’s a Catch

May 16, 2025

Staking Crypto is the Low-Risk, High-Return Crypto Investment! Why Are European and American Institutions Increasing Their Staking?

April 14, 2025

Japanese gaming publisher Gumi announces plans to buy $6 million worth of Bitcoin for treasury

February 12, 2025
Price Chart


Explore insights on crypto, blockchain, taxes, and security. Stay informed with expert guides, tips, and the latest trends to navigate the digital asset world confidently


We're social. Connect with us:

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

SpoonOS and DBOS partner to support durable AI agent applications

July 7, 2025

Following the Major Tax Law in the US, a Major Cryptocurrency Tax Bill Has Now Been Proposed

July 7, 2025

SYRUP hits $2.58B TVL milestone – But here’s what’s stopping the rally

July 7, 2025
Get Informed

Subscribe to Updates

Get the latest creative news From BuyCryptoNews directly in your Inbox!

  • Contact
  • Privacy Policy
  • Terms & Conditions
  • Disclosure
© 2025 BuyCryptoNews - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.