North Korean Hackers Weaponize Blockchain with EtherHiding Malware on BSC and Ethereum

17.10.2025 09:48 7 sources negative
BNB BNB $886.10 -0.28%
ETH ETH $3030.83 -0.27%

North Korean threat groups, including Famous Chollima and UNC5342, are leveraging blockchain technology to conceal malware payloads within smart contracts, a technique dubbed EtherHiding. This marks the first documented instance of a nation-state actor adopting such methods, as confirmed independently by Cisco Talos and Google Threat Intelligence Group. The attacks primarily target job seekers through fake recruitment processes, where perpetrators impersonate companies like Coinbase and Robinhood to distribute malicious software.

The malware families involved—BeaverTail, OtterCookie, JADESNOW, and INVISIBLEFERRET—feature keylogging, screenshot capabilities, and backdoor functions. They are distributed via GitHub repositories and the official NPM repository, such as a package named node-nvm-ssh disguised as a chess application called Chessfi. Since February 2025, UNC5342 has embedded payloads in smart contracts on the BNB Smart Chain and Ethereum, using read-only function calls to avoid transaction fees and obscure blockchain history.

EtherHiding creates a decentralized command-and-control infrastructure that is resilient to takedowns, as public blockchains cannot be easily altered or removed by law enforcement. Attackers have updated contracts over 20 times within four months, with an average gas fee of $1.37 per update. The malware retrieves payloads through API providers like Binplorer, Blockchair, and Ethplorer, and targets over 80 browser extensions, including MetaMask and Phantom, to steal cryptocurrency and credentials.

This campaign, known as Contagious Interview, has contributed to North Korean hackers stealing over $1.3 billion across 47 incidents in 2024 and $2.2 billion in the first half of 2025 alone, funding the regime's weapons programs. Fake US corporations, such as Blocknovas and Softglide, have been established to lend credibility to these schemes. Binance founder Changpeng Zhao has warned of similar attack vectors, including fake job applications and malware-laden links, citing a major incident that resulted in over $400 million in losses.

U.S. authorities have seized over $7.7 million in crypto linked to these operations, while cybersecurity firms recommend enhanced verification of job offers and monitoring for indicators of compromise to mitigate risks.

BNB BNB BNB $886.10 -0.28%
Highly negative fundamental catalyst as BNB Smart Chain is directly implicated in North Korean EtherHiding malware attacks. This creates significant security concerns and regulatory scrutiny risks for the BSC ecosystem. The association with nation-state hacking campaigns targeting crypto wallets and stealing billions undermines investor confidence. Short-term price pressure expected due to security fears and potential regulatory response. Long-term recovery depends on Binance's ability to address security vulnerabilities and restore trust in the platform.
Technical analysis
Technical indicators confirm bearish momentum with RSI deeply oversold (18-27 across timeframes), strong downtrend (ADX 46-62), and negative MACD. Volume elevated suggests panic selling. Oversold conditions may trigger minor bounce but trend remains negative.
ETH ETH Ethereum $3030.83 -0.27%
Negative fundamental shock from North Korean EtherHiding malware exploiting Ethereum smart contracts. High-credibility reports from Cisco Talos and Google confirm nation-state attacks targeting MetaMask users, creating security concerns and potential regulatory scrutiny. Short-term sentiment damage likely as users question platform security, though long-term impact may be limited if Ethereum developers implement security upgrades. Current $1.3B+ stolen figures amplify negative perception.
Technical analysis
Strong bearish technicals confirm negative fundamentals: RSI deeply oversold (27-33 across timeframes), MACD negative, price below all EMAs indicating sustained downtrend. High ADX (47-63) shows strong directional momentum supporting continued selling pressure.
Sources
Google Exposes $2B DPRK Hack Using EtherHiding Malware Across Ethereum and BNB Blockchains
Financefeeds 21.10.2025 19:31
DPRK Hackers Use 'EtherHiding' to Host Malware on Ethereum, BNB Blockchains: Google
Decrypt 21.10.2025 09:38
North Korean Hackers Use Blockchain to Hide Malware in New Campaign
coincentral.com 19.10.2025 10:09
Top Today
3 hour ago 5 sources
IPO Genie, Nexchain, and Tapzi Lead 2025 AI-Powered Crypto Presale Landscape
IPO
8 hour ago 5 sources
Bloomberg Analyst Declares Bitcoin Has Outlived the 'Tulip Bubble' Comparison After 17 Years
BTC BTC -0.89%
13 hour ago 5 sources
Jupiter Executive Admits 'Zero Contagion' Claims Were Inaccurate, Sparking DeFi Transparency Debate
JUP JUP -2.20%
SOL SOL -1.02%
yesterday / 21:30 7 sources
Binance Co-CEO He Yi Issues Stern Warning, Bans Employees from Token Creation and Promotion
BNB BNB -0.28%
yesterday / 21:03 6 sources
Poland Becomes EU's Sole MiCA Holdout After Parliament Fails to Override Presidential Veto
yesterday / 16:47 5 sources
PEPE Consolidates Near Key Resistance as Traders Await Breakout Direction
PEPE PEPE +0.02%
yesterday / 16:44 11 sources
French Banking Giant BPCE to Offer Direct Crypto Purchases for Millions of Clients
BTC BTC -0.89%
ETH ETH -0.27%
SOL SOL -1.02%
USDC USDC 0.00%