Hackers Use "EtherHiding" to Target Crypto Devs via Smart Contracts

The method involves hiding harmful software within smart contracts on public blockchain networks. This approach, known as "EtherHiding", began surfacing in 2023.

It often starts with fake job offers or interview invitations sent to software and cryptocurrency developers. Once a target responds, the hackers steer the conversation toward platforms like Discord or Telegram to build trust and continue the scheme.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Crypto Day Trading VS Swapping: What’s More Rewarding? (Animated)

SUBSCRIBE

ON YOUTUBE

The attackers also take control of trusted websites by injecting a small script. This script connects to a blockchain smart contract, which holds an additional layer of malware.

By using a "read-only" function to pull the code from the blockchain, the hackers avoid creating any traceable transaction.

During the next phase, the victim is asked to complete a technical task, often involving downloading files from public code-sharing sites like GitHub. These files contain the malware needed to begin the attack.

In some cases, victims are tricked during video calls where a fake system error appears. They are then told to install a "patch" to fix it, which carries the harmful code.

Once the first malware is installed, it launches a second tool, called JADESNOW, which collects sensitive data, including digital wallet information.

Recently, Misleading ads appeared inside Monad’s official Telegram announcement channel before its upcoming token distribution. What did co-founder Keone Hon said? Read the full story.