Free Censorship-Resistant Infrastructure: When Malware Uses the BSC Testnet Better Than Web3 Startups
EtherHiding has recently been documented as a technique where attackers use blockchain infrastructure to host payloads or resolve command-and-control (C2) endpoints.
In this talk, I present the analysis of a ClickFix campaign that goes one step further: using smart contracts not for payload delivery, but for victim tracking.
By reversing the client-side logic and analyzing on-chain transactions, I show how victim identifiers are written directly to a BSC smart contract, enabling attackers to track conversions and control infection flow without traditional backend infrastructure.
This shifts the role of blockchain from passive infrastructure to active telemetry — a design that can also be leveraged by defenders for visibility, tracking, and threat intelligence.