DeadLock ransomware uses Polygon smart contracts to evade tracking
According to Odaily, Group-IB monitoring has revealed that the ransomware family DeadLock is currently using Polygon smart contracts to distribute and rotate proxy server addresses in order to evade security detection. This malware was first discovered in July 2025 and embeds JS code interacting with the Polygon network into HTML files, using RPC lists as gateways to obtain attacker-controlled server addresses. This technique is similar to the previously discovered EtherHiding, aiming to leverage decentralized ledgers to build covert communication channels that are difficult to block. DeadLock has already produced at least three variants, with the latest version embedding the encrypted communication application Session to communicate directly with victims.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
dYdX Annual Report: Cumulative Trading Volume Exceeds $1.55 Trillion
Defiance decides to close its Nasdaq-listed Ethereum ETF
Analyst: OG holders' selling pressure is easing, bitcoin may surge towards the $107,000 target price
Crypto Banter founder: Has sold all BitMine holdings, does not believe the company should invest in influencers
Trending news
MoreCrypto prices
More
