Why hackers may be drawn to Binance’s BNB Smart Chain

Despite its name, the new EtherHiding attack vector that conceals malicious code in blockchain smart contracts is not primarily associated with Ethereum, according to cybersecurity analysts. EtherHiding has emerged as a method for hackers to hide malicious payloads within smart contracts, with the aim of distributing malware to unsuspecting victims. Interestingly, hackers have shown a preference for using Binance’s BNB Smart Chain for these attacks.

The appeal of BNB Smart Chain for hackers

One of the main reasons why hackers target BNB Smart Chain is its lower costs compared to Ethereum. Joe Green, a security researcher from CertiK, a blockchain security firm, explained that BNB Smart Chain’s handling fee is much cheaper than that of Ethereum:

“The handling fee of BSC is much cheaper than that of ETH, but the network stability and speed are the same because each update of JavaScript Payload is very cheap, meaning there’s no financial pressure.”

In other words, the lower transaction fees allow hackers to carry out their malicious activities without incurring significant costs. Furthermore, the stability and speed of the BNB Smart Chain are comparable to Ethereum, which makes it an attractive choice for hackers.

How EtherHiding attacks work

EtherHiding attacks typically begin with hackers compromising WordPress websites and injecting code that retrieves partial payloads embedded in Binance smart contracts. The attackers then replace the website’s front end with a fake update browser prompt. Once users click on the prompt, the JavaScript payload is pulled from the Binance blockchain. To evade detection, hackers frequently change the malware payloads and update website domains, ensuring that users unknowingly download fresh malware disguised as browser updates.

The dynamic nature of these attacks makes them difficult to detect and stop. Security researchers at Web3 analytics firm 0xScope believe that hackers may be turning to BNB Smart Chain to avoid the heightened security scrutiny that Ethereum currently faces. With systems like Infura’s IP address tracking for MetaMask transactions, hackers injecting malicious code into Ethereum smart contracts are at a higher risk of being discovered.

0xScope has recently traced the money flow between hacker addresses on both BNB Smart Chain and Ethereum. They identified key addresses linked to NFT marketplace OpenSea users and Copper custody services. The constant updating of payloads across 18 different hacker domains adds another layer of complexity to the EtherHiding scheme, making it more challenging to detect and mitigate.


The EtherHiding attack vector, despite its name, is not primarily associated with Ethereum. Hackers are increasingly choosing to exploit Binance’s BNB Smart Chain due to its lower costs and comparable network stability and speed. The ability to hide malicious payloads within smart contracts and distribute malware disguised as browser updates poses a significant threat to unsuspecting users. As hackers continue to evolve their tactics, it is crucial for individuals and organizations to stay vigilant and maintain robust security measures to protect against these attacks.

Editor’s Notes: Stay up-to-date with the latest news and developments in the world of cryptocurrencies by visiting Uber Crypto News.

You might also like

Comments are closed, but trackbacks and pingbacks are open.