Botract – Abusing smart contracts and blockchain for botnet command and control

Tech 2 (801A) November 15, 2017 10:15 am - 11:15 am

Majid Malaika

In this talk, we discuss a possible new technique by which hackers could abuse smart contracts deployed on the blockchain as a means of command and control (C2) for botnets. We call this novel technique ‘botract’, a name derived by merging two words: ‘bot’ and ‘contract’. We describe how hackers can exploit smart contracts as a messaging platform to communicate with bots, and why it is practically difficult, if not impossible, to launch a takedown using conventional techniques, given the distributed nature of the blockchain and the persistence of the smart contracts deployed on top of it. To validate our proposal, we will describe the architecture for deploying blockchain-based botnets and then show a proof-of-concept C2 using testnet environments. The goal of this talk is to demonstrate the feasibility of blockchain-based botnets so that defenses against them can be created before they become widespread.