The recent incident involving malicious code in the ETHcode extension for Visual Studio Code raises concerns about security in crypto development.
Malicious Code in ETHcode
Malicious code was inserted into ETHcode — an extension for Ethereum available on Visual Studio Code. This extension was submitted by a GitHub user named Airez299 and was removed by Microsoft on June 26.
Microsoft's Response and Consequences
Following the detected threat, Microsoft and the 7finney team quickly reacted by removing and patching ETHcode. This incident has undermined trust among developers. Security researchers have emphasized the risks of compromised assets and the sophisticated nature of supply chain attacks.
Security in Open Systems
The ETHcode incident raises questions about trust in open-source development, particularly in blockchain technologies. Developers are now facing increased scrutiny of coding tools used to secure digital assets.
The malicious code incident in ETHcode highlights the need for enhanced security on open-source platforms, especially in light of ongoing threats in the crypto industry.