Ethereum Smart Contracts Abused In Open Source Supply Chain Attack

ReversingLabs researchers discovered a campaign that planted malicious npm packages (colortoolsv2 and mimelib2) which used Ethereum smart contracts to host C2 payload locations; the campaign also leveraged deceptive GitHub repositories (e.g., faux crypto trading bot projects with inflated commits and sock-puppet accounts) to trick developers into installing compromised code, representing a sophisticated software supply-chain attack targeting blockchain/cryptocurrency development ecosystems.