Headline: “UNC5342 state‑sponsored hackers slip unremovable malware inside blockchains to steal cryptocurrency”
Published: October 21, 2025
Source: Tom’s Hardware
Key points:
- A group linked to North Korea (UNC5342) is using a new method called “EtherHiding”: embedding malware via smart contracts on public chains like Ethereum & BNB Smart Chain.
- Malware components include a JavaScript loader (“JADESNOW”) and a back‑door (“INVISIBLEFERRET”), deployed via read‑only blockchain calls so they leave minimal trace.
- Because smart contracts are immutable, the malicious code cannot be removed easily. This is a stark evolution in cyber‑threats using blockchain infrastructure.
Why it matters:
- Shows that blockchains aren’t just financial or speculative systems — they’re now attack surfaces for nation‑state actors.
- Raises questions about the security of “public, permissionless” smart contract ecosystems when adversaries exploit immutability.
- For anyone using or developing smart contracts: it underscores the importance of auditing all code, being aware of hidden payloads, and monitoring on‑chain behaviours beyond typical transaction patterns.
What to watch:
- Whether other nation‑states or hacker groups adopt similar tactics.
- What counter‑measures (e.g., contract upgrade patterns, audit standards) emerge.
- Impacts on wallet providers, smart‑contract platforms and whether this leads to regulatory scrutiny of “smart‑contract security”.
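
Detection sketch for the read-only retrieval described under Key points (an added example, not code from the article or from any vendor): a read-only call creates no on-chain transaction, but the requesting host still sends a JSON-RPC request to an RPC endpoint, which an egress proxy can log. The log layout, process allowlist, hostnames and URL are assumptions constructed for illustration.

```python
import json

# Assumption: processes expected to query blockchain RPC nodes in this environment.
EXPECTED_RPC_CLIENTS = {"wallet-desktop.exe"}
# Ethereum JSON-RPC methods that read chain state without sending a transaction.
READ_ONLY_METHODS = {"eth_call", "eth_getCode", "eth_getStorageAt"}

def _record(host, process, body):
    # Build one constructed proxy log line (JSON) for the sample below.
    return json.dumps({"host": host, "process": process,
                       "url": "https://rpc.example.invalid/", "body": json.dumps(body)})

# Constructed sample log: hosts, processes, URL and contract address are placeholders.
CALL = {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
        "params": [{"to": "0xCONTRACT_PLACEHOLDER", "data": "0x"}, "latest"]}
SAMPLE_LOG = [
    _record("dev-ws-07", "node.exe", CALL),                  # script runtime reading a contract
    _record("fin-ws-02", "wallet-desktop.exe", CALL),        # expected wallet traffic
    _record("dev-ws-07", "node.exe", {"name": "left-pad"}),  # ordinary API request
    _record("dev-ws-11", "python.exe", [CALL]),              # JSON-RPC batch form
    "truncated-line-not-json",
]

def rpc_methods(body):
    """Return the JSON-RPC method names in a request body (single call or batch)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []
    calls = doc if isinstance(doc, list) else [doc]
    return [c["method"] for c in calls
            if isinstance(c, dict) and c.get("jsonrpc") == "2.0"
            and isinstance(c.get("method"), str)]

def find_unexpected_readers(lines):
    """Flag read-only chain queries issued by processes outside the allowlist."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip malformed log lines
        if not isinstance(rec, dict):
            continue
        methods = sorted(READ_ONLY_METHODS.intersection(rpc_methods(rec.get("body"))))
        if methods and rec.get("process") not in EXPECTED_RPC_CLIENTS:
            hits.append((rec.get("host"), rec.get("process"), methods))
    return hits
```

Hits are triage leads, not verdicts: developer workstations that legitimately build Web3 software will also appear until their tooling is added to the allowlist.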