Malware | Jun 5, 2026
PHANTOMPULSE routes C2 through Ethereum/Base/Optimism transaction inputs. The blockchain resolve...
PHANTOMPULSE malware uses Ethereum/Base/Optimism blockchain transactions for C2 with no sender verification.
Summary
PHANTOMPULSE is a malware variant that routes command-and-control traffic through blockchain transaction inputs on Ethereum, Base, and Optimism networks. The implementation lacks sender verification, meaning a single defensive transaction can override the C2 URL for all active implants simultaneously. Security researcher @soolidsnakee has reverse-engineered the full mechanism.
Indicators of Compromise
- malware — PHANTOMPULSE
Entities
- @soolidsnakee (threat_actor)
- Ethereum (technology)
- Base (technology)
- Optimism (technology)