The Blockchain Backdoor: How Attackers Subverted the WordPress Supply Chain

The Blockchain Backdoor: How Attackers Used ENS to Subvert the WordPress Supply Chain - Aadam Shaik and Rohit Hande
What happens when the "Kill Switch" is decentralized? In early 2026, a sophisticated threat actor acquired a portfolio of over 30 WordPress plugins, including the popular "Accordion and Accordion Slider," to execute a massive supply chain attack. While the initial vector was a traditional acquisition-turned-backdoor, the true innovation lay in the Command & Control (C2) infrastructure. This talk deconstructs how attackers utilized the Ethereum Name Service (ENS) to create unblockable, dynamic C2 resolution. By querying public Ethereum RPC endpoints directly from server-side PHP, the malware bypassed traditional DNS-based security perimeters and neutralized standard domain takedown strategies.

Location
Room 080.02.002 at RMIT (Building 80) - 445 Swanston St, Melbourne

Discord
Discord Event Info

Streaming
If you can't attend the event in person the talks will be streamed in the "ruxmon-stream" voice channel in the Ruxcon Discord in the day of the event! (join now by clicking here: https://discord.gg/g2CpEbkXmM