The smart grid optimises energy transmission efficiency and offers practical solutions for energy saving and everyday convenience. Together with a decentralised, transparent and fair trading model, the smart grid attracts many users to participate. In recent years, many researchers have contributed to the development of smart grids in terms of network and information security, so that the security, reliability and stability of smart grid systems can be guaranteed. However, our investigation reveals various malicious behaviours during smart grid transactions and operations, such as electricity theft, erroneous data injection, and distributed denial of service (DDoS). These malicious behaviours threaten the interests of honest suppliers and consumers. While the existing literature has employed machine learning and other methods to detect and defend against malicious behaviour, these defence mechanisms impose no penalties on the attackers. This paper proposes a management scheme that can handle different types of malicious behaviour in the smart grid. The scheme uses a consortium blockchain combined with the best–worst multi-criteria decision method (BWM) to quantify and manage malicious behaviour accurately. Smart contracts implement a penalty mechanism that applies appropriate penalties to different malicious users. Through a detailed description of the proposed algorithm, logic model and data structure, we show the principles and workflow of this scheme for dealing with malicious behaviour. We analysed the system's security attributes and tested the system's performance. The results indicate that the system meets the security attributes of confidentiality and integrity. The performance results are similar to the benchmark results, demonstrating the feasibility and stability of the system.
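The best–worst method named in the abstract, stated here as an added illustration from the standard BWM formulation (Rezaei, 2015) rather than as material from this paper; the criteria $c_1,\dots,c_n$, the best criterion $c_B$, the worst criterion $c_W$ and the comparison vectors are assumed notation. The decision maker chooses $c_B$ and $c_W$, then supplies best-to-others preferences $A_B=(a_{B1},\dots,a_{Bn})$ and others-to-worst preferences $A_W=(a_{1W},\dots,a_{nW})$ on a 1–9 scale, with $a_{BB}=a_{WW}=1$. The criterion weights are the solution of

\[
\min_{w}\ \max_{j}\left\{\left|\frac{w_B}{w_j}-a_{Bj}\right|,\ \left|\frac{w_j}{w_W}-a_{jW}\right|\right\}
\quad\text{s.t.}\quad \sum_{j=1}^{n} w_j = 1,\qquad w_j \ge 0 .
\]

Writing the optimal objective value as $\xi^{*}$, the consistency ratio is $\xi^{*}/\mathrm{CI}(a_{BW})$, where $\mathrm{CI}$ is the tabulated consistency index for the best-to-worst preference $a_{BW}$; a ratio close to $0$ indicates consistent pairwise comparisons. The linear variant of the model replaces the ratio terms with differences,

\[
\min\ \xi^{L}\quad\text{s.t.}\quad \left|w_B - a_{Bj}\,w_j\right| \le \xi^{L},\quad \left|w_j - a_{jW}\,w_W\right| \le \xi^{L},\quad \sum_{j=1}^{n} w_j = 1,\quad w_j \ge 0,
\]

which has a unique optimum, and its $\xi^{L*}$ serves directly as the consistency indicator. In a management scheme of the kind the abstract describes, a weight vector $w$ obtained this way is what allows several criteria for a malicious behaviour to be collapsed into one weighted severity score on which a penalty rule can be keyed; the specific criteria and penalty tiers are the paper's own design and are not reproduced here.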