Smart Contract Honeypots for Profit (and probably Fun)

Presented at ToorCon San Diego 20 (2018), Sept. 16, 2018, 4:30 p.m. (20 minutes)

Ethereum smart contracts have bugs: a lot of them. So many, in fact, that attackers have flocked to exploit them, but occasionally they lose money themselves. Malicious contracts that look vulnerable but are exploitative are a rising trend, and this talk will discuss how they work and what they do. Ethereum honeypot contracts combine the oldest of cons with the newest of tech. As it turns out, it’s still easy to con someone who thinks they’re a conman. These malicious contracts share one trait: they almost always try to look like they were designed by a beginner. As such, they are a great place to learn about some of the pitfalls that can befall a new entrant to the space, and serve as an interesting (and often entertaining) case study into the wild-west world of smart contract security. By exploring a few of the more interesting cases of not-so-vulnerable contracts, the audience can gain a deeper understanding of how smart contract security works in practice, and maybe how to beat a few scammers at their own game.


  • Ben Schmidt
    I’m CSO at PolySwarm, a security startup that is working to create a decentralized threat intelligence marketplace. My position requires I stay very current on the state of security in the space, and I have talked previously on various smart contract vulnerabilities. This isn’t a new interest of mine though; I’ve been involved in cryptocurrency since 2009, pretty consistently with an eye towards security.

