Warning Crypto Investors—This Malicious Code Could Empty Your Wallet

Recent reports have uncovered a series of malicious extensions in the Visual Studio Code, or VSCode, marketplace, targeting software developers and cryptocurrency enthusiasts with sophisticated attacks designed to compromise their systems and steal sensitive data. VSCode is a popular code editor used by millions of developers worldwide.

Security researcher Amit Assaraf recently revealed how attackers are exploiting the VSCode marketplace. Assaraf uncovered extensions that appeared to offer valuable features but were, in fact, Trojan horses for malware. One extension, masquerading as an official Zoom integration, seemed legitimate, boasting numerous installs and positive reviews. However, upon installation, the extension downloaded a malicious script from a Russian server, executing unauthorized commands on victims’ machines.

The attackers had carefully crafted their extensions to look authentic. They used fake reviews, linked to reputable repositories, and inflated download counts to make the tools appear credible—practices that can lull even experienced developers into a false sense of security.

Crypto in the VSCode Crosshairs

Further investigations revealed that this malicious activity is part of a broader campaign targeting developers working in blockchain and cryptocurrency environments. Reporting from BleepingComputer noted that some of these extensions claimed to support Ethereum development or blockchain toolkits. BleepingComputer also listed the following extensions that were submitted to the VSCode marketplace:

  • EVM.Blockchain-Toolkit
  • VoiceMod.VoiceMod
  • ZoomVideoCommunications.Zoom
  • ZoomINC.Zoom-Workplace
  • Ethereum.SoliditySupport
  • ZoomWorkspace.Zoom (three versions)
  • ethereumorg.Solidity-Language-for-Ethereum
  • VitalikButerin.Solidity-Ethereum (two versions)
  • SolidityFoundation.Solidity-Ethereum
  • EthereumFoundation.Solidity-Language-for-Ethereum (two versions)
  • SOLIDITY.Solidity-Language
  • GavinWood.SolidityLang (two versions)
  • EthereumFoundation.Solidity-for-Ethereum-Language
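
To check a workstation against the list above, the following added example (not code from the article or from the researchers it cites) matches installed extension identifiers against the reported IDs. It assumes the input is either the output of `code --list-extensions --show-versions` or the folder names under `~/.vscode/extensions`; the sample entries and their version numbers are constructed.

```python
import re

# Extension IDs (publisher.name) reported in the article above.
REPORTED = {s.lower() for s in """
EVM.Blockchain-Toolkit
VoiceMod.VoiceMod
ZoomVideoCommunications.Zoom
ZoomINC.Zoom-Workplace
Ethereum.SoliditySupport
ZoomWorkspace.Zoom
ethereumorg.Solidity-Language-for-Ethereum
VitalikButerin.Solidity-Ethereum
SolidityFoundation.Solidity-Ethereum
EthereumFoundation.Solidity-Language-for-Ethereum
SOLIDITY.Solidity-Language
GavinWood.SolidityLang
EthereumFoundation.Solidity-for-Ethereum-Language
""".split()}

# "publisher.name@1.2.3" (CLI output) or "publisher.name-1.2.3" (folder name).
# Names may contain hyphens, so the version is anchored as digits.digits.digits.
ENTRY = re.compile(r"^(?P<id>[^.\s]+\.[^@\s]+?)(?:[@-](?P<ver>\d+\.\d+\.\d+\S*))?$")

def parse_entry(line):
    """Return (extension_id_lowercased, version_or_None), or None if unparseable."""
    m = ENTRY.match(line.strip())
    return (m.group("id").lower(), m.group("ver")) if m else None

def find_reported(lines):
    """Return sorted (id, version) pairs from `lines` that are on the reported list."""
    hits = set()
    for line in lines:
        parsed = parse_entry(line)
        if parsed and parsed[0] in REPORTED:
            hits.add(parsed)
    return sorted(hits, key=lambda h: (h[0], h[1] or ""))

# Constructed sample mixing both input shapes; not taken from a real machine.
SAMPLE = """\
ms-python.python@2024.2.1
ZoomINC.Zoom-Workplace@1.0.0
ethereumorg.solidity-language-for-ethereum-0.0.2
gavinwood.soliditylang
esbenp.prettier-vscode-10.1.0
""".splitlines()

if __name__ == "__main__":
    for ext_id, ver in find_reported(SAMPLE):
        print(f"REPORTED MALICIOUS: {ext_id} (version {ver or 'unknown'})")
```

Matching is case-insensitive because extension folder names are stored in lower case while the marketplace shows mixed-case IDs. A clean result only means none of these specific IDs is installed.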

Adding to these findings, researchers at ReversingLabs uncovered how the VSCode campaign overlaps with similar malicious activity in the npm package repository. An npm package is a piece of reusable code that can be easily shared, distributed and integrated into software projects. These packages are used to build applications faster by reusing common functionalities, rather than writing everything from scratch. In their report, ReversingLabs explained how attackers often use multiple platforms to spread their malware, creating a more extensive attack surface that targets developers across ecosystems.

The Vulnerabilities Of The VSCode Ecosystem

While VSCode is celebrated for its versatility and user-friendly extension system, these same features make it a prime target for attackers. The issues stem from several vulnerabilities within the extension ecosystem:

  • Unverified Publishers: Most of the extensions in the VSCode marketplace come from unverified publishers. This leaves developers with little assurance about an extension’s authenticity.
  • Trust in Metrics: Developers often rely on install counts and reviews to gauge an extension’s credibility. Attackers exploit this trust by inflating these metrics and posting fake reviews.
  • Limited Oversight: Despite Microsoft’s efforts to monitor and remove malicious extensions, the sheer volume of offerings in the marketplace makes it challenging to detect threats promptly.

VSCode: A Secondary Threat

Cryptocurrency wallets, whether stored on a computer or secured with a hardware wallet, are critical tools for managing digital assets. While these wallets are designed to protect private keys and transactions, the surrounding software environment—such as VSCode—can introduce vulnerabilities that put funds at risk, especially for wallets stored on a computer. Recent discoveries of malicious VSCode extensions demonstrate how a compromised development environment can lead to significant crypto losses, even for those who believe their wallets are secure.

The VSCode Threat to Computer Wallets

For users storing cryptocurrency on a desktop wallet, the risks posed by malicious VSCode extensions are immediate and direct. Here’s how it can happen:

  • Keystroke Logging: A malicious VSCode extension, installed unknowingly, can quietly monitor and log every keystroke. If a user types in their wallet password, private keys or recovery phrases, this sensitive information is captured and sent to the attacker. Even the most secure desktop wallet becomes vulnerable if its credentials are exposed.
  • Clipboard Hijacking: During transactions, users often copy and paste wallet addresses to avoid manual errors. Malware embedded in a VSCode extension can intercept clipboard activity, replacing the intended wallet address with the attacker’s. Without double-checking the address, the user may unknowingly send funds directly to the hacker.
  • Fake Prompts or Interfaces: Some malicious extensions inject phishing-style prompts into the software environment, asking users to “verify” their wallet credentials or seed phrases. These prompts appear legitimate, but the data entered is captured by the attacker.
  • Manipulated Transactions: For developers working with blockchain APIs, malicious extensions can intercept and alter transaction details. For instance, if a wallet is used to send funds programmatically, an attacker could change the destination address or transaction parameters without the user noticing.

Imagine a blockchain developer using VSCode to build an app that integrates with their desktop wallet for testing purposes. They install an extension claiming to simplify Ethereum contract deployment. Unbeknownst to them, the extension is malicious. It begins logging keystrokes and steals the wallet password. When the developer initiates a test transaction, the extension intercepts the API call and replaces the intended recipient address with one controlled by the attacker. The funds are irretrievably sent to the wrong destination.

These revelations are a wake-up call for developers and platform administrators alike. The trust users place in extension marketplaces is being weaponized. Relying on trust metrics alone—such as download counts or reviews—is not sufficient. Developers must remain vigilant and take proactive measures to protect their environments and their cryptocurrency.

IHC Executes $30M DDSC Stablecoin Trade as UAE Digital Payments Enter New Phase

Key Takeaways

Major Institutional Transaction Executed

The Abu Dhabi-based global investment company, International Holding Company (IHC), has executed a $30 million (AED 110 million) transaction using a stablecoin backed by the United Arab Emirates (UAE) dirham, marking the first major institutional use of the stablecoin since receiving regulatory approval. The transaction was carried out using the DDSC stablecoin on ADI Chain, an institutional Layer-2 blockchain developed by the ADI Foundation.

Officials said the multimillion-dollar transaction demonstrates the digital currency ecosystem’s operational readiness and ability to handle institutional volumes. DDSC was created through a partnership among IHC, First Abu Dhabi Bank and Sirius International Holding, with technological support from the ADI Foundation.

The Central Bank of the UAE’s approval of the DDSC stablecoin earlier this year is part of a broader regulatory push that has already seen multiple dirham-backed tokens clear licensing hurdles. As per one report, the first AED stablecoin to secure central bank approval was the AE Coin, issued by Al Maryah Community Bank (Mbank). Additionally, Zand Bank recently obtained a license for AEDZ, distinguishing itself as the UAE’s first regulated, multi-chain AED-backed stablecoin designed to operate natively on public blockchains.

According to a media statement, the project aims to provide secure and regulated digital transactions for corporations and individuals while speeding up cross-border payments and trade settlements.

“This transaction demonstrates that the UAE’s digital infrastructure is live, resilient, and ready to support real institutional financial activity,” Syed Basar Shueb, chief executive officer of IHC, said in a statement. “Executing 110 million DDSC on ADI Chain is a clear signal that we are entering the next phase, where institutional-grade digital assets are not only viable, but operational at scale.”

Proponents of stablecoins argue they reduce the high costs, delays and complexities associated with traditional international banking systems, particularly in emerging markets.

Following the successful transaction, developers said they plan to expand institutional participation and establish new digital trade and payment corridors connecting the Middle East with global markets.

Weekend Round-Up: Bitcoin’s Big Players, XRP ETFs, SpaceX’s BTC Holdings And More

This week was a rollercoaster ride in the world of cryptocurrency and NFTs. From Michael Saylor and Kevin O’Leary sharing their insights on Bitcoin, to the surprising performance of XRP ETFs and SpaceX revealing its Bitcoin holdings ahead of its IPO. Not to forget, the popular NFT brand Pudgy Penguins is extending its partnership with Manchester City Soccer Club.

Let’s dive into the details.

Michael Saylor’s Bitcoin Perspective

Michael Saylor, CEO of MicroStrategy Inc., stated that Bitcoin would have been trading between $40,000 and $50,000 without his company’s involvement. MicroStrategy is the world’s largest corporate holder of Bitcoin, owning approximately 818,000 units. Saylor believes that even without his company, Bitcoin would have found success, but MicroStrategy’s involvement accelerated its price appreciation.

Kevin O’Leary’s Take On Bitcoin

Kevin O’Leary, the “Shark Tank” star, emphasized the need for a crypto bill to pass for Bitcoin and tokenization to move beyond the fringes for major institutional players. He believes that global compliance within the SEC through the passage of a bill will change everything. With the midterms approaching in November, O’Leary sees the present as the perfect opportunity to pass this bill.
