A fresh wave of software supply chain attacks has emerged in the npm ecosystem, with four malicious packages discovered targeting Ethereum developers. The packages, uploaded by a user named “flashbotts,” pose as legitimate Flashbots and cryptographic utilities but are designed to steal sensitive wallet credentials, including private keys and mnemonic seed phrases. Security researchers at Socket, led by Kush Pandya, exposed the threat, emphasizing the danger it poses to the Web3 and DeFi development community.
The most concerning package, @flashbotts/ethers-provider-bundle, advertises compatibility with the Flashbots API but secretly exfiltrates environment variables via SMTP using Mailtrap. It also contains a transaction manipulation function that reroutes unsigned transactions to an attacker-controlled wallet and logs data from signed transactions. Flashbots is a well-known infrastructure provider that works to mitigate MEV (Maximal Extractable Value) attacks on Ethereum, making it a trusted name and a prime target for impersonation.
Other identified malicious packages include flashbot-sdk-eth, sdk-ethers, and gram-utilz, with download counts ranging from dozens to several hundred. Some of these modules exhibit selective activation of malicious code, such as sdk-ethers, which only sends mnemonic phrases to a Telegram bot when specific functions are called by developers, allowing it to blend in with harmless functionality and evade detection. Similarly, gram-utilz includes modular components for data exfiltration to a Telegram chat.
All four packages remain publicly available on npm at the time of reporting, with the earliest upload dating back to September 2023 and the latest on August 19, 2025. This indicates the threat has persisted for nearly two years without being fully removed. The attackers’ use of Vietnamese-language comments in the code hints at possible Vietnamese-speaking origins, though attribution remains speculative.
The attack leverages the trusted reputation of Flashbots among Ethereum validators and developers. Pandya warns that any package appearing to be an official SDK can easily be adopted by professionals managing hot wallets or trading bots, environments where a compromised key can result in instantaneous, irreversible financial loss. By burying malicious logic within otherwise legitimate-looking code, the threat actors exploit the implicit trust developers place in familiar libraries.
This campaign serves as a sobering reminder of the growing risks in the open-source software supply chain, particularly in high-value sectors like crypto development. Developers must implement stricter dependency checks, verify package authors, and avoid relying solely on names or appearances when adopting tools. The continued availability of these packages on npm also underscores the need for more proactive vetting and threat intelligence sharing within developer communities.
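One form the dependency check above can take is a lock-file scan for names that impersonate a trusted brand, the pattern the "flashbotts" scope relies on. This is an added example, not code from Socket or Flashbots; the brand list, the trusted set and the sample lock file are constructed for illustration.

```javascript
// Added example: flag npm dependencies whose names impersonate trusted brands.
// BRANDS, TRUSTED and SAMPLE_LOCK are constructed values, not from any real project.
const BRANDS = ["flashbots", "ethers"];
const TRUSTED = new Set(["@flashbots/ethers-provider-bundle", "ethers"]);

// Levenshtein edit distance, used to catch one-letter tweaks such as
// "flashbotts" -> "flashbots" or "flashbot" -> "flashbots".
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}

// package-lock v2/v3 keys look like "node_modules/a/node_modules/@s/b";
// the installed package name is whatever follows the last "node_modules/".
function depNamesFromLock(lock) {
  const tag = "node_modules/";
  return Object.keys(lock.packages || {})
    .filter((k) => k.includes(tag))
    .map((k) => k.slice(k.lastIndexOf(tag) + tag.length));
}

// A package is suspicious when it is not in TRUSTED but its scope or any
// token of its name (split on - . _) sits within one edit of a brand.
function findLookalikes(depNames, brands = BRANDS, trusted = TRUSTED) {
  const findings = [];
  for (const name of depNames) {
    if (trusted.has(name)) continue; // the genuine package is fine
    const m = name.match(/^@([^/]+)\/(.+)$/);
    const parts = m ? [m[1], ...m[2].split(/[-._]/)] : name.split(/[-._]/);
    for (const brand of brands) {
      const hit = parts.find((p) => editDistance(p.toLowerCase(), brand) <= 1);
      if (hit) { findings.push({ name, brand, matched: hit }); break; }
    }
  }
  return findings;
}

// Constructed lock file: one genuine ethers install plus three lookalikes.
const SAMPLE_LOCK = { packages: {
  "": { name: "trading-bot" },
  "node_modules/ethers": { version: "6.0.0" },
  "node_modules/@flashbotts/ethers-provider-bundle": { version: "1.0.0" },
  "node_modules/flashbot-sdk-eth": { version: "1.0.0" },
  "node_modules/sdk-ethers": { version: "1.0.0" },
  "node_modules/lodash": { version: "4.17.21" },
} };
console.log(findLookalikes(depNamesFromLock(SAMPLE_LOCK)));
```

The output is a triage list, not a verdict: a name such as gram-utilz that borrows no brand passes this check, so the scan complements, rather than replaces, publisher verification and behavioural review of what a package does with process.env and outbound connections.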