EtherHiding: Why hackers may prefer Binance’s BNB Smart Chain

October 20, 2023 Coin Telegraph

BNB Chain

According to cybersecurity analysts at 0xScope and CertiK, threat actors may prefer using BNB Smart Chain contracts because it’s cheaper and seen as having lower security than Ethereum.

Despite the name “EtherHiding,” the new attack vector that hides malicious code in blockchain smart contracts doesn’t have much to do with Ethereum at all, cybersecurity analysts have revealed.

As reported by Cointelegraph on Oct. 16, EtherHiding has been discovered as a new way for bad actors to hide malicious payloads inside smart contracts — with the ultimate goal of distributing malware to unsuspecting victims.

These cybercriminals tend to prefer using Binance’s BNB Smart Chain, it is understood.

Speaking to Cointelegraph, a security researcher from blockchain security firm CertiK, Joe Green, said most of this is due to BNB Smart Chain’s lower costs.

“The handling fee of BSC is much cheaper than that of ETH, but the network stability and speed are the same because each update of JavaScript Payload is very cheap meaning there’s no financial pressure.”

EtherHiding attacks are initiated by hackers compromising WordPress websites and injecting code that pulls partial payloads buried in Binance smart contracts. The website’s front end is replaced by a fake update browser prompt which when clicked pulls the JavaScript payload from the Binance blockchain.

The actors frequently change the malware payloads and update website domains to evade detection. This allows them to continuously serve users fresh malware downloads disguised as browser updates, Green explained.

Screenshot of malware updates being deployed in BSC smart contract. Source: Certik

Another reason, according to security researchers at Web3 analytics firm 0xScope, could be because of increased security-related scrutiny on Ethereum.

"While we are unlikely to know the EtherHiding hacker's true motives for using BNB Smart Chain over other blockchains for their scheme, one possible factor is the increased security-related scrutiny on Ethereum.”

Hackers may face higher risks of discovery by injecting their malicious code using Ethereum due to systems such as Infura’s IP address tracking for MetaMask transactions, they said.

The 0xScope team told Cointelegraph they recently tracked the money flow between hacker addresses on BNB Smart Chain and Ethereum.

Key addresses were linked to NFT marketplace OpenSea users and Copper custody services, it reported.

Payloads were updated daily across 18 identified hacker domains. This sophistication makes EtherHiding hard to detect and stop, the firm concluded.

Magazine: Should crypto projects ever negotiate with hackers? Probably

BNB Smart Chain hit with copycat Vyper attack, $73K exploited

July 31, 2023 Coin Telegraph

BNB Smart Chain

While Ethereum-based protocols have been hit with the majority of the exploit activity, BNB Smart Chain has also seen similar copycat exploits, according to BlockSec.

The BNB Smart Chain (BSC) has reportedly suffered copycat attacks due to a vulnerability in the Vyper programming language, following a similar vein to the exploit on the decentralized finance (DeFi) protocol Curve Finance.

Amid the exploits carried out on Ethereum, Blockchain security firm BlockSec tweeted on July 30 that around $73,000 worth of cryptocurrencies on BSC across three exploits had also been stolen.

It comes as similar exploits targeting liquidity pools on Curve Finance have racked up losses exceeding $41 million, according to current BlockSec estimates.

The sheet updated. Losses have already ~$41m!https://t.co/lCaS4uEPzm https://t.co/stQYNJFS7y pic.twitter.com/P7jG8NHnV4
— BlockSec (@BlockSecTeam) July 30, 2023

The vulnerability was caused by a malfunctioning reentrancy lock on Vyper versions 0.2.15, 0.2.16 and 0.3.0, which is used by a number of DeFi pools.

The programming language is believed to be one of the most widely used for Web3 projects. It was designed for the Ethereum Virtual Machine and could affect other protocols that use the afflicted Vyper versions.

Since news of the exploit broke, white hat and black hat hackers have been duking it out on-chain attempting to disrupt each other's exploit attempts or efforts to recover funds.

One potential whitehat, known as “c0ffebabe.eth,” was seemingly able to grab some funds to store for safekeeping. On July 30 they sent an on-chain message asking affected protocols to contact them to organize returning funds.

Excellent news!!! hopefully we can get it backhttps://t.co/sElKdYniT1 pic.twitter.com/AEldRorQaq
— Addison (@0xaddi) July 30, 2023

So far, the wallet has returned nearly 2,900 Ether (ETH) worth over $5 million to Curve according to one transaction.

5M returned back to @CurveFinance pic.twitter.com/BPAvE1ZOZY
— KGJR (@KGJRTG) July 30, 2023

Another transaction saw c0ffebabe.eth move 1,000 ETH to what appears to be a newly-created wallet — likely the cold wallet that they mentioned earlier.

Hall of Flame: Wolf Of All Streets worries about a world where Bitcoin hits $1M

BNB Chain Rolls Out Testnet for New Ethereum Compatible Layer-2 Solution

June 19, 2023 The Daily Hodl

3 reasons why Ethereum price could struggle at the $1.9K level

May 16, 2023 Coin Telegraph

3 reasons why Ethereum price could struggle at the .9K level

BSC

The ETH price could come under short-term pressure due to a downtrend in deposits, reduced DEX volume market share and futures data showing traders with a bearish bias.

Since May 12, Ether’s price has been struggling to sustain its $1,800 support level, as investors face pressures from a worsening crypto regulatory environment and the Ethereum network’s high gas fees. Also negatively impacting Ether’s (ETH) price are three indicators signaling reduced demand for its decentralized applications (DApps) and a lack of leverage buying demand from professional traders.

Regulators signal their plan to further limit crypto intermediaries

According to court documents filed on May 15, the United States Securities and Exchange Commission (SEC) has given a formal response in court in relation to Coinbase’s petition for clear crypto regulation. The SEC stated that any rulemaking may take years and that enforcement actions will continue in the meantime.

On May 16, the Economic and Financial Affairs Council of the European Union — comprising finance ministers of all member states — approved the highly anticipated Markets in Crypto-Assets (MiCA) regulation, which will come into effect by mid-2024.

Some argue that MiCA facilitates business growth in the region. Others focus on the privacy risks for personal users’ data and the risks imposed on non-custodial solutions, including decentralized finance applications.

The drop in DApp deposits is concerning

The Ethereum network is experiencing problems caused by surging gas fees — the cost associated with transactions, including those performed by smart contracts. For the past four weeks, the average transaction fee has stood above $9, which severely limited the demand for DApp usage.

Total deposits on the Ethereum network in Ether terms plunged to their lowest levels since August 2020. Such an analysis excludes the effects of native Ethereum staking, which recently started to allow withdrawals.

*Ethereum network applications' total deposits in ETH. Source: DefiLlama*

According to DefiLlama data, Ethereum DApps reached 14.9 million ETH in total value locked (TVL) on May 16. That compares with 16.5 million ETH two months prior, a 10% decline. As a comparison, TVL on BNB Smart Chain in BNB (BNB) terms was essentially flat in the same period, while Polygon (MATIC) deposits on the Polygon network increased by 29%.

BNB Smart Chain attempts to take a lead in DEX volume

Ethereum might have been the absolute leader in decentralized exchange (DEX) volume since its inception, but this position is being challenged. Ethereum’s market share by volume on DEXs peaked at 75% in the week ending March 5 but steadily declined to its lowest level ever, 39.6%, in the week ending May 14.

*Weekly DEX volume by chain. Source: DefiLlama*

Gainers since March 5 on DEX trading volume were Arbitrum, increasing to 14% from 7%, and BNB Smart Chain, growing to 31% from 5.6%. One might argue that the success of the Ethereum network’s scaling solutions reflects bullishness for Ether’s price, but that relationship is not so direct.

Data shows pro traders turning bearish

Ether quarterly futures are popular among whales and arbitrage desks. However, these fixed-month contracts typically trade at a slight premium to spot markets, indicating that sellers are asking for more money to delay settlement.

As a result, ETH futures contracts in healthy markets should trade at a 5 to 10% annualized premium — a situation known as contango, which is not unique to crypto markets.

*Ether 3-month futures annualized premium. Source: Laevitas*

Ether professional traders have avoided leverage longs (bullish bets) since early April. Moreover, the current 1% ETH futures premium is on the edge of becoming negative, known as backwardation — if confirmed, this is an alarming red flag, as bearish demand dominates the scene.

In short, these three indicators — namely, the reduced TVL, record-low DEX market share and lack of leverage buying demand — signal the $1,900 resistance will be hard to break in the short term. For now, Ether bears are in control, favoring the odds of a price correction.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.