Cybersecurity researchers at Source Defense have identified a large-scale digital skimming campaign that uses the Ethereum blockchain as command-and-control infrastructure, marking a significant evolution in the tactics used by cybercriminals targeting global e-commerce websites. The campaign demonstrates how blockchain technology can be exploited to make malicious infrastructure more resilient against traditional disruption efforts while increasing the complexity of detecting payment card theft operations.
According to the researchers, attackers are leveraging Ethereum smart contracts to manage malicious infrastructure instead of relying on conventional hosting providers. This approach allows cybercriminals to rapidly rotate the servers and domains used in their operations, making it considerably more difficult for security teams and law enforcement agencies to disable their infrastructure through conventional takedown procedures.
Researchers identified more than 15 Ethereum smart contracts supporting a coordinated digital skimming campaign that targets online shopping platforms by using blockchain as resilient command-and-control infrastructure.
The investigation found that the campaign includes multiple coordinated infrastructure clusters and dozens of associated domains. Once activated, the malware deploys an advanced payment skimmer capable of intercepting online checkout processes. The malicious software reportedly replaces legitimate payment interfaces with convincing replicas designed to collect customers’ payment card information, personal details, and device data before transmitting the stolen information to attackers.
Smart Contracts Replace Traditional Malicious Servers
Unlike conventional Magecart attacks that embed malicious domains directly into compromised websites, this campaign stores routing information inside Ethereum smart contracts. Compromised websites retrieve active infrastructure details from the blockchain before downloading a second-stage malicious payload. This decentralized approach enables attackers to modify their infrastructure without changing the malicious code embedded in infected websites, increasing operational flexibility while reducing the likelihood of detection.
Source Defense indicated that blockchain-based infrastructure offers cybercriminals an effective way to evade traditional security controls because there is no centralized hosting provider that authorities can pressure to remove malicious services. The decentralized nature of blockchain networks therefore creates additional challenges for cybersecurity professionals attempting to disrupt ongoing attacks.
Stephen Ward, chief marketing officer at Source Defense, suggested that security teams should prepare for broader adoption of blockchain technologies by cybercriminals. He indicated that as blockchain platforms become increasingly integrated into malicious operations, attacks are likely to become both more frequent and more sophisticated, making disruption efforts considerably more difficult.
Compliance Alone May Not Be Enough
The researchers indicated that attackers have developed techniques capable of bypassing traditional payment security measures, highlighting limitations in relying solely on Payment Card Industry Data Security Standard (PCI DSS) 4.0 compliance.
The report noted that organizations processing payment card information are expected to comply with PCI DSS 4.0 requirements, including implementing strong multi-factor authentication across cardholder data environments. However, the researchers suggested that evolving attack techniques have demonstrated the ability to circumvent some of the protections and guidance established under the standard.
Ward also indicated that many organizations have yet to fully implement PCI DSS 4.0 despite its mandatory status for merchants handling payment card data. He suggested that enforcement can vary because organizations responsible for overseeing compliance often maintain commercial relationships with merchants, potentially reducing their willingness to apply strict penalties.
The report further argued that client-side security continues to receive insufficient attention across many organizations. According to the researchers, inconsistent implementation of security controls and an emphasis on regulatory compliance rather than comprehensive cybersecurity have left many e-commerce platforms vulnerable to increasingly sophisticated attacks.
The findings suggest that decentralized blockchain infrastructure could make future cybercrime operations more resilient while forcing security teams to adopt more advanced detection methods, including AI-powered threat analysis.
Although the extent to which cybercriminals are adopting blockchain-based infrastructure remains uncertain, the researchers suggested that increased international cooperation among law enforcement agencies may encourage threat actors to migrate toward decentralized technologies that are inherently more resistant to takedown efforts. They also noted that advances in artificial intelligence could eventually improve the identification of malicious infrastructure, but warned that security teams should expect adversaries to continue exploiting the anonymity and resilience offered by blockchain platforms in the near term.
