With the explosive growth of resource-constrained smart devices and the widespread deployment of Internet-of-Things (IoT) devices, there is an ever-increasing demand for low-energy and cost-effective wireless communication solutions to serve a wide variety of systems and processes. To this end, blockchain-enabled Helium devices were conceived to enable Internet services and to support third-party IoT devices. This decentralized paradigm allows individuals and entities to freely engage, monetize and deploy wireless Helium hotspots, offering Internet coverage through piggy-backing packets via their existing network and Internet infrastructure (e.g., fiber optics at home). Currently, there are close to 1M operational Helium devices deployed in 189 countries, which are owned by 425K accounts. Given this evolving paradigm, in this paper, we take a first step to explore the plausible attack vectors which could potentially impact the confidentiality, integrity, and availability of such Helium hotspots. Along this vein, we then scrutinize 2.9 TB of one-way unsolicited Internet traffic arriving at 0.5M monitored dark IP addresses to identify 869,822 darknet events pertained to 6K Helium hotspots (as infected devices and DoS victims). By further leveraging active and passive methodologies coupled with public exploitation databases, we uncover medium to critical severity vulnerabilities attributed to 62K online Helium hotspots.