3 Nov 2025
Add Balancer to the ever-growing list of exploits that have occurred in Ethereum and other account-based chains...it's a fundamental misdesign at the contract, key and tooling layers, and it's surprising to see so many institutions choosing to build on them!

- DAO reentrancy hack (2016)
- Parity freeze (2017)
- Wintermute (2022)
- Curve/Vyper bug (2023)
- ETHcode/supply chain attack (2025)
- Bybit (2025)

The list goes on...

In contrast, UTXO-based chains like Bitcoin and its L2s like @Liquid_BTC generally prioritize security over convenience and expressivity. E.g., core features like multisig, confidentiality and issuance are natively built into Liquid’s protocol, using low-level opcodes and lightweight cryptography...whereas Ethereum and other ABMs rely on overly expressive smart contracts and third-party tooling for the same feature set.

Today, there’s also Simplicity, a new smart contracting language from @Blockstream for Bitcoin/Liquid, where you can formally specify and verify contracts. This allows you to achieve expressivity without the fallout from unbounded loops, global state, reentrancy, etc.

Eventually, the market will catch up to the knowledge base available and what Bitcoiners have been emphasizing for more than a decade now. Until then, new hacks and exploits will continue, highlighting this fundamental difference in design.
27 Sep 2025
20 Aug 2025
The world of IDE extensions—especially places like VS Code—is a dark frontier still begging for exploration. 🚀

Sure, Microsoft runs basic scans in the Marketplace, but the ecosystem is massive—think ~50k extensions—and some malicious ones have slipped through, racking up installs through typosquatting or sneaky updates. 😱

Supply-chain attacks, like the Ethcode incident where a legit extension got compromised via a GitHub PR back in June 2025, are only the tip of the iceberg. 🧊

Researchers found that around 5.6% of ~52k VS Code extensions showed suspicious behavior, while a deeper dive revealed that 8.5% leak credential-related data! 🔐

If any IDE allows extensions, the vendor should step up: treat and audit them as *first-class system resources—not just convenience plugins.* 🛡

@_JohnHammond has already started illuminating this world in his brilliant experiments—this needs to go way beyond VS Code. It’s time for a full-on “living off the land” / LOLExtension-style project to audit and secure the entire supply chain.

Let’s turn suspicion into scrutiny. 🚨

thehackernews.com/2025/07/ma…
youtu.be/1zGwA1qMGvM?feature…
9 Aug 2025
Top Smart Contract Tools

These are some of the top tools meant for smart contract devs:

– BoringSolidity alchemy.com/dapps/boring-sol…
– Chainlink @chainlink
– Ethcode marketplace.visualstudio.com…
– Octopus github.com/FuzzingLabs/octop…
– OpenZeppelin @OpenZeppelin
– Solidity @solidity_lang

Malicious Pull Request Targets 6,000 Developers via Vulnerable Ethcode VS Code Extension dlvr.it/TMLXby #Cybersecurity #SupplyChainAttack #Ethcode #VSCODE #Malware
14 Jul 2025
🚩 Malicious Pull Request Compromises VS Code Extension Ethcode thehackernews.com/2025/07/ma… A supply-chain attack slipped two hidden lines into a GitHub PR on June 17, injecting a malicious npm package that triggered a hidden PowerShell downloader, impacting over 6,000 #Ethcode users. Review your installed #VSCode extensions, revoke untrusted or unfamiliar ones, and enable alerts for suspicious GitHub updates. #CyberSecurity #IDEsecurity
1/ 🚨 ETHcode Alert! Malicious code slipped into an ETHcode update affecting thousands of Ethereum devs! #Ethereum #CryptoSecurity 🛡️
10 Jul 2025
0xNews - VS Code extension ‘Ethcode’ infected via a malicious pull request, more than 6,000 developers affected project-openlab.blogspot.com…

ETHcode, a VS Code extension for Ethereum smart contract development, was compromised following a GitHub pull request. reversinglabs.com/blog/malic…
A threat actor has compromised a VS Code extension used by nearly 6,000 cryptocurrency developers. The ETHcode extension was compromised last month via a malicious GitHub commit. ReversingLabs says the attacker added a new dependency that would allow them to run malicious code on systems where the extension is installed. The ETHcode extension is typically used for Ethereum smart contract development.
Researchers from ReversingLabs have identified a malicious pull request that compromised the ETHcode VS Code extension, introducing hidden malware targeting cryptocurrency developers. #Cybersecurity #Malware #VSCode ift.tt/69ZpKtT
ReversingLabs researchers uncovered a sophisticated supply chain attack that infected the ETHcode VS Code extension via a malicious GitHub pull request, highlighting the risks of trusting legitimate software components. #Cybersecurity #SupplyChainAttack ift.tt/69ZpKtT