216.73.216.170

The Solidity Language open-source package was used in a $500,000 crypto heist

· Published 16/07/2025 16:10 · Modified 16/07/2025 19:45

Export JSON

Essential information

Published
16/07/2025 16:10
Modified
16/07/2025 19:45
Tags
2025-07-11 2025-07-16 blockchain cryptocurrency cursor ai data theft developers heur:trojan-psw.msil.purelogs.gen malicious extension open-source quasar screenconnect solidity vmdetector
Related entities
9 techniques (mitre)

Description

A developer in Russia lost $500,000 in crypto assets due to a malicious Language extension for IDE. The fake extension, downloaded 54,000 times, appeared higher in search results than the legitimate one due to ranking algorithms. It installed malware that allowed remote access and . The attackers used for remote control and deployed various scripts to steal wallet passphrases. A new malicious package was published shortly after the first was removed, with an inflated download count of 2 million. Similar attacks were found targeting through other extensions and npm packages. The incident highlights the ongoing threat of malicious packages in the crypto industry.

External references