Sources
Fireship: WordPress Supply Chain Attack — 30+ Plugins Bought for $100K, Backdoored with Ethereum Smart Contract C2
Fireship's breakdown (411K views) of the largest WordPress supply chain attack in years: an attacker spent ~$100K on Flippa buying 30+ trusted plugins, embedded PHP deserialization backdoors that sat dormant for 8 months, then activated April 5-6. The C2 domain resolved through an Ethereum smart contract on public blockchain RPC endpoints, letting the attacker redirect traffic by simply updating the contract. SEO spam was only visible to Googlebot — site owners saw clean pages while search engines were fed malicious content.
Source
↳ Follow the thread