Cybersecurity has become paramount in a world where blockchains are experiencing growing adoption. Attackers exploit various innovative techniques to infiltrate and manipulate decentralized systems, making security challenges even more complex. This article examines the sophisticated methods used by hackers to compromise blockchains, including techniques such as “EtherHiding” and “TxDataHiding”, and highlights their potential impact on users and businesses.
The Constant Threats to Blockchains
Blockchains, as decentralized technologies, are generally perceived as providing enhanced security through their architecture. However, this perception is undermined by the continuous emergence of new threats. Attackers use innovative methods to conceal their malicious code within blockchain systems. These techniques exploit inherent properties of those systems while circumventing traditional security mechanisms.
The “EtherHiding” Technique
One of the notable techniques observed recently is “EtherHiding”. This method involves hiding malicious scripts within smart contracts deployed on public blockchains. In June 2024, research conducted by the Proofpoint team shed light on this modus operandi during email phishing campaigns.
Attackers use disguised HTML files to entice users to install malware, such as Matanbuchus, DarkGate, or NetSupport RAT. When a user interacts with a compromised website, a malicious script loaded via the blockchain is executed. By using encoded and concealed JavaScript within the smart contracts, hackers take advantage of blockchain characteristics such as immutability and availability.
The “ClickFix” Technique
In parallel, the “ClickFix” technique, also documented in June 2024, has shown a significant evolution in attackers’ approaches. This method, associated with phishing campaigns, uses HTML files that prompt users to install malware when they interact with compromised websites. The malicious JavaScript code is retrieved through queries to blockchains and then executed, which makes detection by security tools much more difficult.
“TxDataHiding”: A New Threat
Another innovation in the field of attacks is “TxDataHiding”, a technique that embeds malicious payloads directly in blockchain transaction data. Using advanced methods, attackers can query historical data to extract these payloads without the need for a smart contract. This represents a significant change, as the malicious data simply resides in the transaction history, thereby escaping detection by traditional systems.
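As an added example (not code from the research cited above), the following sketch shows how a defender could triage web-proxy captures for both EtherHiding and TxDataHiding: it flags JSON-RPC read requests and checks whether the hex data returned decodes to script-like text. It assumes Ethereum-style JSON-RPC traffic; the watched methods, the marker list, the 90% threshold and the sample messages are illustrative choices made for this example.

```python
import json

# Real Ethereum JSON-RPC read methods; that a campaign uses these two is an assumption.
READ_METHODS = {"eth_call", "eth_getTransactionByHash"}
SCRIPT_MARKERS = ("eval(", "atob(", "function", "document.", "<script")

def rpc_methods(body):
    """Return the watched read methods named in a request body (single or batch)."""
    try:
        doc = json.loads(body)
    except ValueError:
        return set()
    calls = doc if isinstance(doc, list) else [doc]
    return {c["method"] for c in calls
            if isinstance(c, dict) and isinstance(c.get("method"), str)} & READ_METHODS

def decode_hex_text(value):
    """Decode 0x-prefixed hex; return text only when it is at least 90% printable ASCII."""
    if not isinstance(value, str) or not value.startswith("0x"):
        return None
    try:
        raw = bytes.fromhex(value[2:]).replace(b"\x00", b"")  # drop ABI zero padding
    except ValueError:
        return None
    if len(raw) < 16:
        return None
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return raw.decode("ascii", "replace") if printable / len(raw) >= 0.9 else None

def triage_response(body):
    """List (field, markers) for hex fields that decode to script-like text."""
    try:
        result = json.loads(body).get("result")
    except (ValueError, AttributeError):
        return []
    if isinstance(result, str):        # eth_call returns a bare hex string
        fields = {"result": result}
    elif isinstance(result, dict):     # transaction objects carry calldata in "input"
        fields = {"input": result.get("input")}
    else:
        return []
    findings = []
    for name, value in fields.items():
        text = decode_hex_text(value)
        hits = [m for m in SCRIPT_MARKERS if text and m in text]
        if hits:
            findings.append((name, hits))
    return findings

# Constructed samples: harmless text stored as calldata, and an ordinary token transfer.
SAMPLE_TEXT_TX = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {
    "input": "0x" + b'document.title = "constructed sample"; function noop() {}'.hex()}})
SAMPLE_TRANSFER = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {
    "input": "0xa9059cbb" + "00" * 12 + "11" * 20 + "00" * 31 + "01"}})
```

A hit is a triage signal rather than a verdict: legitimate decentralized applications also issue these reads, so correlate findings with the page that initiated the request.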
The Implications of Cross-Chain TxDataHiding
To make matters worse, a “Cross-Chain TxDataHiding” scheme has been discovered, in which attackers use multiple blockchain networks to execute a coordinated attack. This method uses one chain as an index that references transactions on a second blockchain. This gives attackers increased resilience against efforts to dismantle malicious infrastructure, making detection and mitigation increasingly complex for security teams.
Conclusion: Constantly Evolving Challenges for Cybersecurity
In the face of these innovations, the challenges in cybersecurity have never been more pressing. Businesses and users must be vigilant and stay informed about the latest threats in order to protect their assets on blockchains.







