Security analysts at 0xScope and CertiK have identified a preference among threat actors for using Binance’s BNB Smart Chain for the EtherHiding attack, a new method for concealing malicious code within blockchain smart contracts.
EtherHiding Attack Explained
EtherHiding is an emerging attack vector that involves hiding malicious payloads inside smart contracts with the aim of distributing malware to unsuspecting victims. Despite what the name might suggest, this attack vector is not exclusive to Ethereum and has strong ties to Binance’s BNB Smart Chain.
Lower Costs Drive Adoption
Security researcher Joe Green from CertiK highlighted one of the primary reasons behind this preference, citing the significantly lower handling fees associated with BNB Smart Chain compared to Ethereum. The cost-effectiveness of BNB Smart Chain, combined with similar network stability and speed, makes it an attractive choice for cybercriminals.
Screenshot of malware updates being deployed in a BSC smart contract. Source: CertiK
Ethereum’s Increased Scrutiny
Another potential reason for the preference for BNB Smart Chain, as suggested by security researchers at Web3 analytics firm 0xScope, is the heightened security scrutiny faced by Ethereum. The increased attention on Ethereum may lead to a higher risk of discovery for hackers employing this method on the platform. Notably, systems like Infura’s IP address tracking for MetaMask transactions make it more challenging for malicious activities to go unnoticed on Ethereum.
The 0xScope team has been monitoring the financial flow between hacker addresses on BNB Smart Chain and Ethereum, uncovering key addresses linked to NFT marketplace OpenSea users and Copper custody services. The attack’s sophistication, which involves daily updates across 18 identified hacker domains, makes EtherHiding particularly challenging to detect and counteract.
This shift towards BNB Smart Chain reflects the evolving tactics of cybercriminals and underscores the need for enhanced security measures across blockchain networks.