XRP, other crypto assets targeted in EtherHiding attack

Crypto.News, 2025/10/17 16:00
By Vignesh Karunanidhi. Edited by Anthony Patrick

North Korean threat actors have adopted a blockchain-based technique called EtherHiding to deliver malware designed to steal cryptocurrency including XRP.

Summary
  • Hackers embed malicious code in smart contracts to steal XRP and other crypto.
  • EtherHiding evades takedowns by hosting malware on decentralized blockchains.
  • Fake recruiters trick developers into installing malware during job interviews.

According to Google’s Threat Intelligence Group, this is the first time GTIG has observed a nation-state actor using this method.

The method embeds malicious JavaScript payloads inside blockchain smart contracts to create resilient command-and-control servers.

The EtherHiding technique targets developers in cryptocurrency and technology sectors through social engineering campaigns tracked as “Contagious Interview.”

The campaign has led to numerous cryptocurrency heists affecting XRP (XRP) holders and users of other digital assets.

Blockchain-based attack infrastructure evades detection

EtherHiding stores malicious code on decentralized and permissionless blockchains, removing the central servers that law enforcement or cybersecurity firms can take down.

Attackers controlling smart contracts can update malicious payloads at any time and maintain persistent access to compromised systems.

Security researchers can tag contracts as malicious on blockchain scanners like BscScan, but malicious activity continues regardless of these warnings.

Google’s report describes EtherHiding as a “shift towards next-generation bulletproof hosting” in which blockchain technology features are put to malicious purposes.

When users interact with compromised sites, the code activates to steal XRP, other cryptocurrencies, and sensitive data.

The compromised websites communicate with blockchain networks using read-only functions that avoid creating ledger transactions. This minimizes detection and transaction fees.
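A defender-side view of the read-only behaviour described above, added here as an example and not taken from the article or from Google's report: it scans egress proxy records for contract reads (`eth_call`, the standard Ethereum JSON-RPC read method) that return script-sized responses to hosts not expected to query a blockchain. The log format, host names, contract address, allow-list and size threshold are all assumptions.

```python
import json
from collections import defaultdict

READ_ONLY_METHODS = {"eth_call"}     # JSON-RPC contract read; creates no transaction
ALLOWED_SOURCES = {"wallet-svc-01"}  # hypothetical hosts expected to query a chain
MIN_RESPONSE_BYTES = 2048            # assumed cut-off: script-sized reply, not a balance

def rpc_calls(body):
    """Yield (method, target contract) per call in a JSON-RPC body; batches are lists."""
    try:
        parsed = json.loads(body)
    except (TypeError, ValueError):
        return  # malformed or non-JSON body: nothing to inspect
    for call in parsed if isinstance(parsed, list) else [parsed]:
        if not isinstance(call, dict):
            continue
        params = call.get("params")
        first = params[0] if isinstance(params, list) and params else {}
        target = first.get("to", "") if isinstance(first, dict) else ""
        yield call.get("method"), str(target).lower()

def find_suspect_reads(lines):
    """Count large read-only contract calls per (source, RPC host, contract)."""
    hits = defaultdict(int)
    for line in lines:
        rec = json.loads(line)
        if rec["src"] in ALLOWED_SOURCES or rec["resp_bytes"] < MIN_RESPONSE_BYTES:
            continue
        for method, contract in rpc_calls(rec["body"]):
            if method in READ_ONLY_METHODS and contract:
                hits[(rec["src"], rec["dst"], contract)] += 1
    return dict(hits)

# Constructed sample data: hosts, contract address and sizes are made up.
CONTRACT = "0x" + "ab" * 20

def _rec(src, resp_bytes, body):
    rec = {"src": src, "dst": "rpc.chain.example", "resp_bytes": resp_bytes, "body": body}
    return json.dumps(rec)

def _call(method, params):
    return {"jsonrpc": "2.0", "id": 1, "method": method, "params": params}

READ = _call("eth_call", [{"to": CONTRACT, "data": "0x12345678"}, "latest"])
SAMPLE_LOG = [
    _rec("dev-laptop-7", 18432, json.dumps(READ)),                              # flagged
    _rec("dev-laptop-7", 18432, json.dumps([READ, _call("eth_chainId", [])])),  # batch
    _rec("dev-laptop-7", 96, json.dumps(READ)),                                 # small reply
    _rec("wallet-svc-01", 18432, json.dumps(READ)),                             # allow-listed
    _rec("build-agent-2", 4096, "<html>not json</html>"),                       # malformed
]
```

Because these reads leave no transaction on the ledger, network egress and endpoint telemetry are where they show up; calling `find_suspect_reads(SAMPLE_LOG)` groups the two flagged reads under one source, RPC host and contract.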

Sophisticated social engineering

The Contagious Interview campaign centers on social engineering tactics that mimic legitimate recruitment processes through fake recruiters and fabricated companies.

Fake recruiters lure candidates onto platforms like Telegram or Discord, then deliver malware through deceptive coding tests or fake software downloads disguised as technical assessments.

The campaign employs multi-stage malware infection, including JADESNOW, BEAVERTAIL, and INVISIBLEFERRET variants affecting Windows, macOS, and Linux systems.

Victims believe they’re participating in legitimate job interviews while unknowingly downloading malware designed to gain persistent access to corporate networks and steal cryptocurrency holdings.
