Crypto
Warning Crypto Investors—This Malicious Code Could Empty Your Wallet
Bitcoin emblem over a graph.
Recent reports have uncovered a series of malicious extensions in the Visual Studio Code, or VSCode, marketplace, targeting software developers and cryptocurrency enthusiasts with sophisticated attacks designed to compromise their systems and steal sensitive data. VSCode is a popular code editor used by millions of developers worldwide.
Security researcher Amit Assaraf recently revealed how attackers are exploiting the VSCode marketplace. Assaraf uncovered extensions that appeared to offer valuable features but were, in fact, Trojan horses for malware. One extension, masquerading as an official Zoom integration, seemed legitimate, boasting numerous installs and positive reviews. However, upon installation, the extension downloaded a malicious script from a Russian server, executing unauthorized commands on victims’ machines.
The attackers had carefully crafted their extensions to look authentic. They used fake reviews, linked to reputable repositories, and inflated download counts to make the tools appear credible—practices that can lull even experienced developers into a false sense of security.
Crypto in the VSCode Crosshairs
Further investigations revealed that this malicious activity is part of a broader campaign targeting developers working in blockchain and cryptocurrency environments. Reporting from BleepingComputer noted that some of these extensions claimed to support Ethereum development or blockchain toolkits. They also provided the following list of ones that were submitted to the VSCode marketplace:
- EVM.Blockchain-Toolkit
- VoiceMod.VoiceMod
- ZoomVideoCommunications.Zoom
- ZoomINC.Zoom-Workplace
- Ethereum.SoliditySupport
- ZoomWorkspace.Zoom (three versions)
- ethereumorg.Solidity-Language-for-Ethereum
- VitalikButerin.Solidity-Ethereum (two versions)
- SolidityFoundation.Solidity-Ethereum
- EthereumFoundation.Solidity-Language-for-Ethereum (two versions)
- SOLIDITY.Solidity-Language
- GavinWood.SolidityLang (two versions)
- EthereumFoundation.Solidity-for-Ethereum-Language
Adding to these findings, researchers at ReversingLabs uncovered how the VSCode campaign overlaps with similar malicious activity in the npm package repository. An npm package is a piece of reusable code that can be easily shared, distributed and integrated into software projects. These packages are used to build applications faster by reusing common functionalities, rather than writing everything from scratch. In their report, ReversingLabs explained how attackers often use multiple platforms to spread their malware, creating a more extensive attack surface that targets developers across ecosystems.
The Vulnerabilities Of The VSCode Ecosystem
While VSCode is celebrated for its versatility and user-friendly extension system, these same features make it a prime target for attackers. The issues stem from several vulnerabilities within the extension ecosystem:
- Unverified Publishers: Most of the extensions in the VSCode marketplace come from unverified publishers. This leaves developers with little assurance about an extension’s authenticity.
- Trust in Metrics: Developers often rely on install counts and reviews to gauge an extension’s credibility. Attackers exploit this trust by inflating these metrics and posting fake reviews.
- Limited Oversight: Despite Microsoft’s efforts to monitor and remove malicious extensions, the sheer volume of offerings in the marketplace makes it challenging to detect threats promptly.
VSCode: A Secondary Threat
Cryptocurrency wallets, whether stored on a computer or secured with a hardware wallet, are critical tools for managing digital assets. While these wallets are designed to protect private keys and transactions, the surrounding software environment—such as VSCode—can introduce vulnerabilities that put funds at risk, especially for wallets stored on a computer. Recent discoveries of malicious VSCode extensions demonstrate how a compromised development environment can lead to significant crypto losses, even for those who believe their wallets are secure.
The VSCode Threat to Computer Wallets
For users storing cryptocurrency on a desktop wallet, the risks posed by malicious VSCode extensions are immediate and direct. Here’s how it can happen:
- Keystroke Logging: A malicious VSCode extension, installed unknowingly, can quietly monitor and log every keystroke. If a user types in their wallet password, private keys or recovery phrases, this sensitive information is captured and sent to the attacker. Even the most secure desktop wallet becomes vulnerable if its credentials are exposed.
- Clipboard Hijacking: During transactions, users often copy and paste wallet addresses to avoid manual errors. Malware embedded in a VSCode extension can intercept clipboard activity, replacing the intended wallet address with the attacker’s. Without double-checking the address, the user may unknowingly send funds directly to the hacker.
- Fake Prompts or Interfaces: Some malicious extensions inject phishing-style prompts into the software environment, asking users to “verify” their wallet credentials or seed phrases. These prompts appear legitimate, but the data entered is captured by the attacker.
- Manipulated Transactions: For developers working with blockchain APIs, malicious extensions can intercept and alter transaction details. For instance, if a wallet is used to send funds programmatically, an attacker could change the destination address or transaction parameters without the user noticing.
Imagine a blockchain developer using VSCode to build an app that integrates with their desktop wallet for testing purposes. They install an extension claiming to simplify Ethereum contract deployment. Unbeknownst to them, the extension is malicious. It begins logging keystrokes and steals the wallet password. When the developer initiates a test transaction, the extension intercepts the API call and replaces the intended recipient address with one controlled by the attacker. The funds are irretrievably sent to the wrong destination.
These revelations are a wake-up call for developers and platform administrators alike. The trust users place in extension marketplaces is being weaponized. Relying on trust metrics alone—such as download counts or reviews—is not sufficient. Developers must remain vigilant and take proactive measures to protect their environments and their cryptocurrency.
Kraken Valued at $13 Billion After Deutsche Börse Stake
Deutsche Börse has taken a minority stake in crypto exchange Kraken, marking one of the clearest signs yet of Europe’s largest market operator deepening its exposure to digital assets.
The German exchange group said it invested $200 million in Payward, Kraken’s parent company, securing roughly a 1.5% fully diluted ownership. The transaction values Kraken at about $13.3 billion, according to reporting by Bloomberg.
The move builds on an existing relationship between the two firms and signals a broader push to integrate traditional financial infrastructure with crypto markets. The partnership is expected to focus on regulated offerings, including tokenized assets and derivatives, while improving liquidity for institutional clients.
As part of the collaboration, Kraken will integrate with 360T, Deutsche Börse’s foreign exchange trading platform. The connection is designed to provide Kraken users with access to bank-grade foreign exchange liquidity, potentially streamlining the conversion between fiat currencies and digital assets.
The companies also plan to expand the use of Kraken Embed, a service that allows institutions to offer crypto trading and custody under their own brands. The initiative targets banks, fintech firms, and asset managers seeking to enter the digital asset space without building infrastructure from scratch.
Further developments are expected, subject to regulatory approval. These include enabling trading of derivatives listed on Eurex, Deutsche Börse’s derivatives exchange, through Kraken’s platform.
The investment underscores a growing convergence between established financial institutions and the crypto sector. For Kraken, the backing from Deutsche Börse provides capital and strategic alignment with one of Europe’s most influential financial market operators. For Deutsche Börse, the stake offers a direct foothold in a global crypto platform at a time when competition for digital asset infrastructure is intensifying.
The deal also reflects a broader trend of legacy financial firms moving beyond exploratory partnerships toward equity investments in crypto companies. By combining trading, custody, and tokenization capabilities, both firms are positioning themselves to capture a larger share of institutional flows into digital assets.
Key Takeaways:
- Alameda moved $16 million worth of SOL to a wallet linked with repayment efforts, signaling ongoing FTX creditor payouts.
- Alameda still holds 3.5 million SOL ($294 million), meaning supply overhang may impact solana markets.
- FTX-era asset releases since 2022 suggest continued distributions could shape liquidity next.
Alameda Unstakes SOL, Signals Ongoing Creditor Distributions
Alameda Research has transferred roughly $16 million worth of solana ( SOL) tokens after unstaking the assets, in a move that points to continued creditor repayments tied to the collapse of FTX.
Blockchain data tracked by Arkham Intelligence shows the tokens were sent to an address previously associated with distribution efforts. The transaction follows a similar pattern observed in recent months, where unstaked assets were routed to wallets linked to reimbursing creditors.
While there has been no official confirmation that the latest transfer will be distributed immediately, the repetition of this process suggests it forms part of a structured repayment strategy rather than a one-off movement.
Unstaking allows previously locked tokens in proof-of- stake networks to be withdrawn and made liquid. In this case, it enables Alameda to free up assets that can be redirected toward obligations stemming from FTX’s bankruptcy proceedings.
The latest transfer comes about a month after a comparable transaction, when Alameda moved a similar tranche of SOL to the same destination address. That earlier move reinforced expectations that such transfers are tied to ongoing creditor payouts.
Despite the asset sales, Alameda retains a substantial position in solana. The firm still holds approximately 3.5 million SOL, valued at around $294 million, according to Arkham data.
Solana remains one of the largest digital assets by market value, with a capitalization of about $47 billion. The token has traded near $82 in recent sessions, significantly below its peak of $293 reached early last year.
Alameda, founded in 2017 by Sam Bankman-Fried, was once a dominant trading firm in the crypto market. It played a central role in providing liquidity across exchanges and operated extensively in spot and derivatives markets.
Its fortunes shifted dramatically following the collapse of FTX in late 2022, which triggered a wave of insolvencies and legal proceedings. Since then, asset recovery and creditor repayment have been central to the restructuring process.
The steady movement of funds such as SOL highlights the scale and complexity of unwinding Alameda’s positions. Each transfer offers a signal, albeit indirect, of progress in returning value to creditors.
Hawaii Offers Case-by-Case Tax Relief After Kona Low Storms – Honolulu Today
Illinois Holocaust Museum honors Holocaust victims for Yom HaShoah
Fantasy Football Video: Will the Raiders reunite Fernando Mendoza with an Indiana WR in the 2026 NFL Draft?
Are tornadoes in Iowa possible today? Here’s what forecasters say
Kansas City murder suspect added to FBI’s Ten Most Wanted Fugitives list
Florida High School Football Rankings: Top 25 teams – Oct. 21
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
99th annual Pony Swim held in Virginia
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Video: How Stephen Miller Is Adjusting Trump’s Immigration Agenda
Biden DOJ weaponized FACE Act against pro-life Americans, 882-report alleges
Mass drone warfare is Europe’s rising security threat
Man accused in Molotov cocktail attack of OpenAI CEO’s home charged with attempted murder
Embattled Rep Tony Gonzales announces plans to resign amid sexual misconduct allegations
-
Atlanta, GA1 week ago1 teenage girl killed, another injured in shooting at Piedmont Park, police say
-
Georgia1 week agoGeorgia House Special Runoff Election 2026 Live Results
-
Arkansas4 days agoArkansas TV meteorologist Melinda Mayo retires after nearly four decades on air
-
Pennsylvania1 week agoParents charged after toddler injured by wolf at Pennsylvania zoo
-
Milwaukee, WI1 week agoPotawatomi Casino Hotel evacuated after fire breaks out in rooftop HVAC system
-
Austin, TX7 days agoABC Kite Fest Returns to Austin for Annual Celebration – Austin Today
-
World1 week agoZelenskyy warns US-Iran war could divert critical aid from Ukraine
-
World1 week agoIndonesia receives bodies of peacekeepers killed in southern Lebanon