2026-01-16 13:26:02

A new strain of ransomware called DeadLock is leveraging Polygon smart contracts in unexpected ways—using the blockchain to store and dynamically rotate proxy addresses for its command-and-control infrastructure. This approach creates a resilient C2 layer that's notoriously hard to take down. Since its initial emergence in July, the malware has managed to evade traditional takedown efforts by hiding in plain sight on the blockchain. The tactic bears similarities to techniques previously associated with state-sponsored actors, like the EtherHiding method. For security teams monitoring the Polygon ecosystem, this represents a growing concern: attackers are weaponizing smart contracts not for financial gain, but as operational infrastructure.

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

11 Likes

Reward
11
8
Repost
Share

Comment

0/400

ContractCollector

· 01-19 12:53

Oh my god, DeadLock actually used Polygon contracts as C2 servers? That’s really wild... --- Once again, it’s Polygon causing trouble. Why does every bad thing seem to be related to it? --- They’re even using state-sponsored level tactics. Ordinary defenses can’t hold up against that. --- Relying on contract rotation of proxy addresses to evade regulation—this idea is truly brilliant... but also a bit too ruthless. --- Can’t anyone remove DeadLock from the chain? It feels a bit suffocating. --- I told you not to make Polygon so open; now it’s a hacker’s paradise. --- EtherHiding’s bad tricks have been renewed again. Security teams should be working overtime. --- Using smart contracts to wage infrastructure wars—this isn’t a financial attack, it’s an infrastructure war. --- The Polygon ecosystem should thoroughly check how many of these "hidden guests" it still has.

View OriginalReply0

MetadataExplorer

· 01-19 10:24

Wow, hiding C2 servers on-chain? These guys are really clever, directly moving malicious software infrastructure onto Polygon, and even rotating proxy addresses dynamically... Traditional takedown methods are completely ineffective.

View OriginalReply0

FadCatcher

· 01-19 09:31

Damn, DeadLock's move is brilliant. Directly deploying C2 on-chain for rotation proxy—aren't they asking for death or are they truly invincible?

View OriginalReply0

PriceOracleFairy

· 01-16 13:53

ngl this is peak market entropy right here... ransomware using smart contracts as literal infrastructure? that's not even an attack vector anymore, that's just... scalable operations on-chain. the rotation mechanism though—that's some oracle-level sophistication. polygon getting weaponized while everyone's obsessing over yields lmao

Reply0

AlwaysAnon

· 01-16 13:51

Damn, these people really treat the chain like an underground studio, constantly rotating proxy addresses, making it hard to defend against.

View OriginalReply0

ExpectationFarmer

· 01-16 13:50

No way, using smart contracts as the infrastructure for a botnet? These guys are really something else.

View OriginalReply0

MidnightSnapHunter

· 01-16 13:44

Really? Hackers are now using smart contracts as C2 servers. That's pretty wild.

View OriginalReply0

notSatoshi1971

· 01-16 13:38

Wow, DeadLock's move is really impressive. Using Polygon as a C2 server? Who came up with that? --- On-chain invisibility techniques are getting more and more outrageous. Traditional firewalls can no longer contain these folks. --- Contracts being used as hacker infrastructure—will Polygon's reputation be hammered again? --- It has that state-sponsored vibe. This is no longer small-scale skirmishes. --- It feels like every couple of months, there's a new way to weaponize blockchain. It's really hard to defend against.

View OriginalReply0