What Is EtherHiding? Google Flags Malware with Crypto-Stealing Code in Smart Contracts

Summary

Google disclosed a new malware campaign dubbed “EtherHiding” that uses compromised websites to trigger malicious Ethereum smart contracts which siphon crypto from unsuspecting users. The attack unfolds in two phases: site compromise delivers code that calls a hidden contract, and that contract’s embedded logic tricks wallets or dapps into authorizing asset transfers. Security researchers warn the technique evades traditional web and blockchain filters by splitting payloads between web pages and on-chain code, raising theft risk for DeFi users and custodial services. The discovery highlights growing intersection of web compromise and smart-contract exploits, increasing urgency for enhanced endpoint, wallet and contract-auditing defenses.