Etherhiding: How Smart Contract Abuse is Redefining Malware

Pierce Vaughn

This session explores how threat actors are abusing public blockchains and smart contract storage to create censorship-resistant Command-and-Control (C2) infrastructure for hiding malware payloads. The session traces the evolution of this typology and discusses recent cases in which cybercriminals leveraged the blockchain to distribute malware. Attendees will learn to hunt smart contract abuse by identifying behavioral heuristics to fingerprint malicious contracts and pivot to attacker wallets and C2s. This practical knowledge empowers users to surface and solve ongoing, mass-scale campaigns.