Blockchain as C2 Infrastructure: Dissecting the Windsurf IDE Supply Chain Attack That Weaponized Solana


via Dev.to Webdevohmygod

TL;DR

A malicious IDE extension discovered this week uses the Solana blockchain as command-and-control infrastructure to deliver credential-stealing payloads to developers. This isn't just another supply chain attack — it represents a paradigm shift where public blockchains become untakeable C2 channels. Here's why every Web3 developer should care.

The Attack: IDE Extensions as Trojan Horses

Bitdefender researchers identified a malicious extension targeting the Windsurf IDE (a VS Code-compatible environment) that masquerades as reditorsupporter.r-vscode-2.8.8-universal — a near-perfect typosquat of the legitimate REditorSupport extension for the R programming language.

The kill chain is elegant in its simplicity:

1. Installation — Developer installs what appears to be a legitimate R language extension
2. Decryption — The extension decrypts an embedded loader post-installation (evading static analysis)
3. System Profiling — Checks for Russian locale/timezone indicators; terminates if detected
4. Bl
