ExchangeDEX+
Buy CryptoMarketsSpotFutures500XEarnEvents
More
Gold Bar & BTC Giveaway2000g
The post XRP, other crypto assets targeted in EtherHiding attack appeared on BitcoinEthereumNews.com. North Korean threat actors have adopted a blockchain-based technique called EtherHiding to deliver malware designed to steal cryptocurrency including XRP. Summary Hackers embed malicious code in smart contracts to steal XRP and other crypto. EtherHiding evades takedowns by hosting malware on decentralized blockchains. Fake recruiters trick developers into installing malware during job interviews. According to Google’s Threat Intelligence Group, this is the first time GTIG has observed a nation-state actor using this method. The method embeds malicious JavaScript payloads inside blockchain smart contracts to create resilient command-and-control servers. The EtherHiding technique targets developers in cryptocurrency and technology sectors through social engineering campaigns tracked as “Contagious Interview.” The campaign has led to numerous cryptocurrency heists affecting XRP (XRP) holders and users of other digital assets. Blockchain-based attack infrastructure evades detection EtherHiding stores malicious code on decentralized and permissionless blockchains and removes central servers that law enforcement or cybersecurity firms can take down. Attackers controlling smart contracts can update malicious payloads at any time and maintain persistent access to compromised systems. Security researchers can tag contracts as malicious on blockchain scanners like BscScan, but malicious activity continues regardless of these warnings. Google’s report describes EtherHiding as a “shift towards next-generation bulletproof hosting” where blockchain technology features enable malicious purposes. When users interact with compromised sites, the code activates to steal XRP, other cryptocurrencies, and sensitive data. The compromised websites communicate with blockchain networks using read-only functions that avoid creating ledger transactions. This minimizes detection and transaction fees. Sophisticated social engineering The Contagious Interview campaign centers on social engineering tactics that mimicks legitimate recruitment processes through fake recruiters and fabricated companies. Fake recruiters lure candidates onto platforms like Telegram or Discord, then deliver malware through deceptive coding tests or fake software downloads disguised as technical assessments. The campaign employs multi-stage malware infection, including… The post XRP, other crypto assets targeted in EtherHiding attack appeared on BitcoinEthereumNews.com. North Korean threat actors have adopted a blockchain-based technique called EtherHiding to deliver malware designed to steal cryptocurrency including XRP. Summary Hackers embed malicious code in smart contracts to steal XRP and other crypto. EtherHiding evades takedowns by hosting malware on decentralized blockchains. Fake recruiters trick developers into installing malware during job interviews. According to Google’s Threat Intelligence Group, this is the first time GTIG has observed a nation-state actor using this method. The method embeds malicious JavaScript payloads inside blockchain smart contracts to create resilient command-and-control servers. The EtherHiding technique targets developers in cryptocurrency and technology sectors through social engineering campaigns tracked as “Contagious Interview.” The campaign has led to numerous cryptocurrency heists affecting XRP (XRP) holders and users of other digital assets. Blockchain-based attack infrastructure evades detection EtherHiding stores malicious code on decentralized and permissionless blockchains and removes central servers that law enforcement or cybersecurity firms can take down. Attackers controlling smart contracts can update malicious payloads at any time and maintain persistent access to compromised systems. Security researchers can tag contracts as malicious on blockchain scanners like BscScan, but malicious activity continues regardless of these warnings. Google’s report describes EtherHiding as a “shift towards next-generation bulletproof hosting” where blockchain technology features enable malicious purposes. When users interact with compromised sites, the code activates to steal XRP, other cryptocurrencies, and sensitive data. The compromised websites communicate with blockchain networks using read-only functions that avoid creating ledger transactions. This minimizes detection and transaction fees. Sophisticated social engineering The Contagious Interview campaign centers on social engineering tactics that mimicks legitimate recruitment processes through fake recruiters and fabricated companies. Fake recruiters lure candidates onto platforms like Telegram or Discord, then deliver malware through deceptive coding tests or fake software downloads disguised as technical assessments. The campaign employs multi-stage malware infection, including…

XRP, other crypto assets targeted in EtherHiding attack

By: BitcoinEthereumNews
2025/10/19 01:01
XRP
XRP$1.9942-0.70%
COM
COM$0.007428+22.07%
Smart Blockchain
SMART$0.004693+3.00%
Overtake
TAKE$0.35219+5.26%
Tagger
TAG$0.0005715-3.36%

North Korean threat actors have adopted a blockchain-based technique called EtherHiding to deliver malware designed to steal cryptocurrency including XRP.

Summary

  • Hackers embed malicious code in smart contracts to steal XRP and other crypto.
  • EtherHiding evades takedowns by hosting malware on decentralized blockchains.
  • Fake recruiters trick developers into installing malware during job interviews.

According to Google’s Threat Intelligence Group, this is the first time GTIG has observed a nation-state actor using this method.

The method embeds malicious JavaScript payloads inside blockchain smart contracts to create resilient command-and-control servers.

The EtherHiding technique targets developers in cryptocurrency and technology sectors through social engineering campaigns tracked as “Contagious Interview.”

The campaign has led to numerous cryptocurrency heists affecting XRP (XRP) holders and users of other digital assets.

Blockchain-based attack infrastructure evades detection

EtherHiding stores malicious code on decentralized and permissionless blockchains and removes central servers that law enforcement or cybersecurity firms can take down.

Attackers controlling smart contracts can update malicious payloads at any time and maintain persistent access to compromised systems.

Security researchers can tag contracts as malicious on blockchain scanners like BscScan, but malicious activity continues regardless of these warnings.

Google’s report describes EtherHiding as a “shift towards next-generation bulletproof hosting” where blockchain technology features enable malicious purposes.

When users interact with compromised sites, the code activates to steal XRP, other cryptocurrencies, and sensitive data.

The compromised websites communicate with blockchain networks using read-only functions that avoid creating ledger transactions. This minimizes detection and transaction fees.

Sophisticated social engineering

The Contagious Interview campaign centers on social engineering tactics that mimicks legitimate recruitment processes through fake recruiters and fabricated companies.

Fake recruiters lure candidates onto platforms like Telegram or Discord, then deliver malware through deceptive coding tests or fake software downloads disguised as technical assessments.

The campaign employs multi-stage malware infection, including JADESNOW, BEAVERTAIL, and INVISIBLEFERRET variants affecting Windows, macOS, and Linux systems.

Victims believe they’re participating in legitimate job interviews while unknowingly downloading malware designed to gain persistent access to corporate networks and steal cryptocurrency holdings.

Source: https://crypto.news/xrp-crypto-assets-targeted-etherhiding-attack/

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

Aave DAO to Shut Down 50% of L2s While Doubling Down on GHO

Aave DAO to Shut Down 50% of L2s While Doubling Down on GHO

The post Aave DAO to Shut Down 50% of L2s While Doubling Down on GHO appeared on BitcoinEthereumNews.com. Aave DAO is gearing up for a significant overhaul by shutting down over 50% of underperforming L2 instances. It is also restructuring its governance framework and deploying over $100 million to boost GHO. This could be a pivotal moment that propels Aave back to the forefront of on-chain lending or sparks unprecedented controversy within the DeFi community. Sponsored Sponsored ACI Proposes Shutting Down 50% of L2s The “State of the Union” report by the Aave Chan Initiative (ACI) paints a candid picture. After a turbulent period in the DeFi market and internal challenges, Aave (AAVE) now leads in key metrics: TVL, revenue, market share, and borrowing volume. Aave’s annual revenue of $130 million surpasses the combined cash reserves of its competitors. Tokenomics improvements and the AAVE token buyback program have also contributed to the ecosystem’s growth. Aave global metrics. Source: Aave However, the ACI’s report also highlights several pain points. First, regarding the Layer-2 (L2) strategy. While Aave’s L2 strategy was once a key driver of success, it is no longer fit for purpose. Over half of Aave’s instances on L2s and alt-L1s are not economically viable. Based on year-to-date data, over 86.6% of Aave’s revenue comes from the mainnet, indicating that everything else is a side quest. On this basis, ACI proposes closing underperforming networks. The DAO should invest in key networks with significant differentiators. Second, ACI is pushing for a complete overhaul of the “friendly fork” framework, as most have been unimpressive regarding TVL and revenue. In some cases, attackers have exploited them to Aave’s detriment, as seen with Spark. Sponsored Sponsored “The friendly fork model had a good intention but bad execution where the DAO was too friendly towards these forks, allowing the DAO only little upside,” the report states. Third, the instance model, once a smart…
DeFi
DEFI$0.000612+1.15%
TokenFi
TOKEN$0.003204-1.68%
COM
COM$0.007267+19.44%
Share
BitcoinEthereumNews2025/09/18 02:28
The "1011 Insider Whale" has added approximately 15,300 ETH to its long positions in the past 24 hours, bringing its total account holdings to $723 million.

The "1011 Insider Whale" has added approximately 15,300 ETH to its long positions in the past 24 hours, bringing its total account holdings to $723 million.

PANews reported on December 15th that, according to Hyperbot data, the "whale that opened short positions after the flash crash on October 11th" has added approximately
Ethereum
ETH$3,159.61+1.75%
Belong
LONG$0.00586-38.85%
4
4$0.02492-1.11%
Share
PANews2025/12/15 17:19
Xinjiang Mining Shutdown Sparks Network Security Concerns

Xinjiang Mining Shutdown Sparks Network Security Concerns

The post Xinjiang Mining Shutdown Sparks Network Security Concerns appeared on BitcoinEthereumNews.com. Bitcoin Hashrate Plummets 8%: Xinjiang Mining Shutdown Sparks
Share
BitcoinEthereumNews2025/12/15 16:50

Trending News

More

Aave DAO to Shut Down 50% of L2s While Doubling Down on GHO

The "1011 Insider Whale" has added approximately 15,300 ETH to its long positions in the past 24 hours, bringing its total account holdings to $723 million.

Xinjiang Mining Shutdown Sparks Network Security Concerns

Zcash (ZEC) Price: Buyers Withdraw $17 Million From Exchanges During Pullback

Stablecoin builders rush to preempt regulatory challenges with GENIUS Act on horizon

Quick Reads

More

EthXY (SEXY) Price Prediction 2026-2030: Expert Analysis & Investment Outlook

Ethereum's Future: Institutional Investment and Price Potential

The Psychology of FOLO in Cryptocurrency Trading: Understanding and Overcoming Fear

How to Buy EthXY (SEXY) On MEXC? Complete Trading Guide 2026

What is EthXY (SEXY)? Complete Guide to This Base Chain Blockchain Gaming Token

Crypto Prices

mc_price_img_alt

Ethereum

ETH

$3,159.00
$3,159.00$3,159.00

+2.41%

mc_price_img_alt

Bitcoin

BTC

$89,885.16
$89,885.16$89,885.16

+0.96%

mc_price_img_alt

Solana

SOL

$132.57
$132.57$132.57

+1.46%

mc_price_img_alt

XRP

XRP

$1.9942
$1.9942$1.9942

+0.15%

mc_price_img_alt

Zcash

ZEC

$407.86
$407.86$407.86

+1.14%