A VS Code extension for Ethereum smart contract development, ETHcode, was compromised through a GitHub pull request. The attacker, using a newly created account, submitted a PR that introduced a malicious dependency and code to execute it. The compromise was subtle, involving only two lines of code changes among thousands. The malicious code downloads and runs a batch script from a public file-hosting service, potentially to steal crypto assets or compromise Ethereum contracts. The extension, with nearly 6,000 installs, was removed from the marketplace after discovery. This incident highlights the importance of carefully reviewing contributions, especially from new accounts, and scrutinizing package dependencies in software development workflows.