XRP, other crypto assets targeted in EtherHiding attack
North Korean threat actors have adopted a blockchain-based technique called EtherHiding to deliver malware designed to steal cryptocurrency including XRP.
- Hackers embed malicious code in smart contracts to steal XRP and other crypto.
- EtherHiding evades takedowns by hosting malware on decentralized blockchains.
- Fake recruiters trick developers into installing malware during job interviews.
According to Google’s Threat Intelligence Group, this is the first time GTIG has observed a nation-state actor using this method.
The method embeds malicious JavaScript payloads inside blockchain smart contracts to create resilient command-and-control servers.
The EtherHiding technique targets developers in cryptocurrency and technology sectors through social engineering campaigns tracked as “Contagious Interview.”
The campaign has led to numerous cryptocurrency heists affecting XRP holders and users of other digital assets.
Blockchain-based attack infrastructure evades detection
EtherHiding stores malicious code on decentralized and permissionless blockchains and removes central servers that law enforcement or cybersecurity firms can take down.
Attackers controlling smart contracts can update malicious payloads at any time and maintain persistent access to compromised systems.
Security researchers can tag contracts as malicious on blockchain scanners like BscScan, but malicious activity continues regardless of these warnings.
Google’s report describes EtherHiding as a “shift towards next-generation bulletproof hosting” in which features of blockchain technology are put to malicious use.
When users interact with compromised sites, the code activates to steal XRP, other cryptocurrencies, and sensitive data.
The compromised websites communicate with blockchain networks using read-only functions that avoid creating ledger transactions. This minimizes detection and transaction fees.
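For defenders, these read-only lookups typically show up in egress or proxy logs as Ethereum JSON-RPC `eth_call` requests whose response carries the contract's return data. The following is an added example, not code from the article or from Google's report, that triages such records and decodes a returned ABI `string`; the log format, host names, allowlist, marker regex and contract address are constructed assumptions.

```python
import json
import re
READ_ONLY = {"eth_call"}  # JSON-RPC read; creates no ledger transaction
EXPECTED_CLIENTS = {"dev-wallet-01"}  # assumption: hosts allowed to query RPC nodes
# Assumption: heuristic markers for script-like text in contract return data.
SCRIPT_MARKERS = re.compile(r"eval\(|atob\(|Function\(|<script|require\(")
ADDR = "0x" + "00" * 19 + "01"  # constructed placeholder contract address

def abi_string(text):  # ABI-encode one `string` return value (sample data only)
    b = text.encode()
    body = b + b"\x00" * (-len(b) % 32)
    return "0x" + ((32).to_bytes(32, "big") + len(b).to_bytes(32, "big") + body).hex()

def decode_abi_string(result_hex):
    """Decode a single ABI-encoded `string`; return None if it is not one."""
    try:
        raw = bytes.fromhex(result_hex[2:] if result_hex.startswith("0x") else result_hex)
        offset = int.from_bytes(raw[:32], "big")
        length = int.from_bytes(raw[offset:offset + 32], "big")
        data = raw[offset + 32:offset + 32 + length]
        return data.decode("utf-8") if length and len(data) == length else None
    except (ValueError, UnicodeDecodeError):
        return None

def rec(host, method, result):  # one constructed proxy record (params simplified)
    return json.dumps({"src_host": host, "response": {"result": result},
                       "request": {"method": method, "params": [{"to": ADDR}, "latest"]}})

SAMPLE_LOG = [  # constructed records, not real traffic
    rec("build-agent-07", "eth_call", abi_string("eval(atob('Y29uc3RydWN0ZWQ='))")),
    rec("dev-wallet-01", "eth_call", "0x" + (5).to_bytes(32, "big").hex()),
    rec("dev-wallet-01", "eth_sendRawTransaction", "0x" + "ab" * 32),
    rec("hr-laptop-12", "eth_call", abi_string("Wrapped BNB")),
]

def triage(log_lines):  # returns (host, contract, reasons) for read-only calls
    findings = []
    for line in log_lines:
        r = json.loads(line)
        if r["request"]["method"] not in READ_ONLY:
            continue
        text = decode_abi_string(r["response"]["result"])
        reasons = [name for name, hit in (
            ("unexpected-rpc-client", r["src_host"] not in EXPECTED_CLIENTS),
            ("script-like-return-data", bool(text and SCRIPT_MARKERS.search(text))),
        ) if hit]
        if reasons:
            findings.append((r["src_host"], r["request"]["params"][0]["to"], reasons))
    return findings
```

Because no transaction is written, the contract's on-chain history will not show these fetches; the network-side record of the request and response is the evidence to collect.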
Sophisticated social engineering
The Contagious Interview campaign centers on social engineering tactics that mimic legitimate recruitment processes through fake recruiters and fabricated companies.
Fake recruiters lure candidates onto platforms like Telegram or Discord, then deliver malware through deceptive coding tests or fake software downloads disguised as technical assessments.
The campaign employs multi-stage malware infection, including JADESNOW, BEAVERTAIL, and INVISIBLEFERRET variants affecting Windows, macOS, and Linux systems.
Victims believe they’re participating in legitimate job interviews while unknowingly downloading malware designed to gain persistent access to corporate networks and steal cryptocurrency holdings.
