Socket’s Threat Research Team discovered four malicious npm packages published under the alias flashbotts that impersonate Flashbots tooling and exfiltrate private keys and mnemonic seeds to a Telegram bot (bot ID 8083151136), targeting Web3 developers and MEV operators. The packages (ethers-provide-bundle, flashbot-sdk-eth, sdk-ethers, gram-utilz) share exfiltration infrastructure, use varied activation methods to steal credentials and, in one variant, redirect unsigned transactions to 0x38F528E7903d6E6A1268459FC65c2ba6350E3E02.
Keypoints
- Four malicious npm packages (ethers-provide-bundle, flashbot-sdk-eth, sdk-ethers, gram-utilz) by npm author flashbotts (aning2028@gmail[.]com) are live on the npm registry and impersonate Flashbots tooling to target Web3 developers.
- All packages exfiltrate private keys and mnemonic seeds to the same Telegram bot (token: 8083151136:AAEz-Jv8cklMNOaN8dBoq_Uw6IJ4MNnfbmU, chat_id: 5013747314), confirming a coordinated supply-chain operation.
- The most dangerous variant (ethers-provide-bundle, a fork of the FlashbotsBundleProvider) exfiltrates environment variables (PRIVATE_KEY_EXECUTOR, PRIVATE_KEY_SPONSOR) over SMTP using hard-coded Mailtrap credentials and rewrites the recipient of unsigned transactions to the attacker address 0x38F528E7903d6E6A1268459FC65c2ba6350E3E02.
- sdk-ethers and flashbot-sdk-eth steal credentials by sending mnemonics and private keys to the Telegram Bot API; gram-utilz ships a GramUtil module that serves as a reusable Telegram exfiltration channel.
- The malicious code is heavily padded with benign utilities (≈95% of one package), obfuscated (Base64 encoding, array-based string hiding, parallel JavaScript and TypeScript sources), and wrapped in error suppression so failures stay silent.
- Targets are high-value MEV searchers, arbitrage bots and hot wallets; a leaked key yields immediate, irreversible fund theft and lets the attacker subvert the victim's MEV operations.
- Socket’s detection tooling flagged flashbot-sdk-eth as known malware and the team has petitioned npm for removal while recommending supply-chain safeguards and runtime/package-scanning defenses.
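The transaction-hijack variant described above only pays off if the bot signs whatever the provider layer hands back. The following is an added example, not Socket's or Flashbots' code: a pre-signing guard for a hypothetical MEV bot that builds plain transaction objects ({to, value, data}) and passes them through a bundle/provider layer before signing. It snapshots what the bot intended, compares it with what came back, and refuses to sign if the recipient, value or calldata changed or if the recipient is the hijack address reported above. The fake signer and the simulated hijacking provider are constructed for the demonstration.

```javascript
// Added example, not Socket's or Flashbots' code: a pre-signing guard for a
// hypothetical MEV bot that builds plain transaction objects ({to, value, data})
// and passes them through a bundle/provider layer before signing. The guard
// snapshots what the bot intended, compares it with what the provider layer
// handed back, and refuses to sign if the recipient, value or calldata changed
// or if the recipient is the hijack address reported above.

// Known hijack target from the page, stored lowercase for comparison.
const ATTACKER_ADDRESSES = new Set([
  '0x38f528e7903d6e6a1268459fc65c2ba6350e3e02',
]);

function normalizeAddress(addr) {
  if (typeof addr !== 'string' || !/^0x[0-9a-fA-F]{40}$/.test(addr)) {
    throw new Error(`invalid address: ${addr}`);
  }
  return addr.toLowerCase();
}

// Capture the fields that decide where funds go, at the moment the bot
// builds the transaction and before any third-party code has touched it.
function snapshotIntent(tx) {
  return {
    to: normalizeAddress(tx.to),
    value: BigInt(tx.value ?? 0),
    data: String(tx.data ?? '0x').toLowerCase(),
  };
}

// Compare the transaction that came back from the provider layer against the
// recorded intent. Returns { ok: true } or { ok: false, reason }.
function checkBeforeSigning(intent, tx) {
  const now = snapshotIntent(tx);
  if (ATTACKER_ADDRESSES.has(now.to)) {
    return { ok: false, reason: `recipient ${now.to} is a known attacker address` };
  }
  if (now.to !== intent.to) return { ok: false, reason: `recipient changed from ${intent.to} to ${now.to}` };
  if (now.value !== intent.value) return { ok: false, reason: 'value changed' };
  if (now.data !== intent.data) return { ok: false, reason: 'calldata changed' };
  return { ok: true };
}

// Wrap any signer exposing signTransaction(tx): sign only when the check passes.
async function guardedSign(signer, intendedTx, txFromProvider) {
  const verdict = checkBeforeSigning(snapshotIntent(intendedTx), txFromProvider);
  if (!verdict.ok) throw new Error(`refusing to sign: ${verdict.reason}`);
  return signer.signTransaction(txFromProvider);
}

// Constructed demonstration: a fake signer (no real key), a bot-built
// transaction, and a stand-in for a compromised provider that rewrites `to`.
const fakeSigner = { signTransaction: async (tx) => `signed:${tx.to}` };
const intendedTx = {
  to: '0x1111111111111111111111111111111111111111',
  value: 10n ** 18n,
  data: '0x',
};
function simulateHijackingProvider(tx) {
  return { ...tx, to: '0x38F528E7903d6E6A1268459FC65c2ba6350E3E02' };
}

console.log(checkBeforeSigning(snapshotIntent(intendedTx), intendedTx));
console.log(checkBeforeSigning(snapshotIntent(intendedTx), simulateHijackingProvider(intendedTx)));
```

The point of the design is that the intent snapshot is taken from the bot's own code path, so a dependency that mutates the object later cannot also mutate the snapshot; the address denylist is a secondary check, since a rotated attacker address would otherwise still be caught by the recipient comparison.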
MITRE Techniques
- [T1195.002] Supply Chain Compromise – Malicious npm packages published under the flashbotts account impersonate legitimate Flashbots tooling to distribute credential-stealing code. Quote: ‘four malicious npm packages … published by a threat actor using the npm alias flashbotts’
- [T1027] Obfuscated Files or Information – Packages use Base64 encoding and array-based string hiding to conceal exfiltration details and tokens. Quote: ‘Base64 encoding and legitimate code padding (95% benign buffer utilities)’
- [T1059.007] Command and Scripting Interpreter: JavaScript – Malicious behavior is implemented in JavaScript/TypeScript within npm packages, executing on import/instantiation or specific function calls. Quote: ‘Both implementations contain identical attack patterns … TypeScript version includes proper type definitions’
- [T1204.002] User Execution: Malicious File – Developers installing or importing these packages execute the malicious code (some variants trigger on class instantiation without explicit calls). Quote: ‘this one triggers automatically during class instantiation – making it more aggressive and harder to detect’
- [T1567] Exfiltration Over Web Service – Stolen mnemonics and private keys are posted to the Telegram Bot API over HTTPS; the ethers-provide-bundle variant instead exfiltrates over SMTP (Mailtrap), which maps to T1048 Exfiltration Over Alternative Protocol. Quote: ‘exfiltrating private keys and mnemonic seeds to a Telegram bot’ and ‘SMTP exfiltration with hardcoded Mailtrap credentials’
- [T1552] Unsecured Credentials – Code harvests environment variables and in-memory private keys/mnemonics (e.g., PRIVATE_KEY_EXECUTOR, PRIVATE_KEY_SPONSOR) to obtain wallet credentials. Quote: ‘Harvest environment variables containing private keys … PRIVATE_KEY_EXECUTOR and PRIVATE_KEY_SPONSOR’
Indicators of Compromise
- [Telegram Bot] Exfiltration endpoint – token 8083151136:AAEz-Jv8cklMNOaN8dBoq_Uw6IJ4MNnfbmU (active), chat_id 5013747314.
- [Wallet Address] Transaction hijack target – 0x38F528E7903d6E6A1268459FC65c2ba6350E3E02 used to redirect unsigned transactions.
- [SMTP Host] Exfiltration SMTP service – sandbox.smtp.mailtrap.io:2525 with hard-coded credentials (user: 4e2a7eb87b0cf0, pass: 48c1a0b623d4b3) used by the ethers-provide-bundle variant.
- [npm Packages] Malicious package names – ethers-provide-bundle (aka @flashbotts/ethers-provider-bundle, typosquatting the legitimate @flashbots/ethers-provider-bundle), flashbot-sdk-eth, sdk-ethers, gram-utilz; npm author flashbotts, email aning2028@gmail[.]com.
- [API Endpoints] Telegram Bot API calls – api.telegram.org/bot<token>/sendMessage, invoked from the packages' code, plus generic HTTPS POSTs to the Telegram Bot API.