Polygon smart contracts under attack, but the real danger may be just starting!

ambcrypto2026-01-17 tarihinde yayınlandı2026-01-17 tarihinde güncellendi

Özet

Blockchain technology's growth is increasingly exploited by threat actors, as evidenced by the DeadLock ransomware. This group uses Polygon smart contracts to dynamically rotate server addresses, making their infrastructure more resilient and evading traditional disruption methods. This highlights a concerning shift where decentralized systems, originally designed to prevent centralized abuse, are now being weaponized. Security firm Group-IB warns this is part of an emerging trend, citing similar campaigns like North Korea's UNC5342 using "EtherHiding" on Ethereum. The abuse of smart contracts for malware distribution and ransomware operations signals a deeper, growing threat to blockchain networks.

As blockchain adoption continues to grow, so does its misuse.

At a fundamental level, the technology is widely used to improve liquidity and efficiency across industries. However, threat actors are now leveraging it to make their infrastructure more resilient and harder to disrupt.

DeadLock ransomware is a clear example of this shift. According to Group-IB research, DeadLock uses Polygon [POL] smart contracts to rotate server addresses, allowing it to evade traditional detection methods.

Naturally, this puts the broader decentralization narrative under scrutiny.

In this case, Polygon smart contracts are the ones under pressure. Why does this matter? Blockchain technology was originally designed to prevent the kind of abuse historically seen in traditional, centralized systems.

However, the use of Polygon smart contracts to support ransomware operations shows that decentralized infrastructure can also be exploited by threat actors, raising the question: What does this mean for the network?

Polygon smart contracts – Part of an emerging malware trend

Looking closely, DeadLock isn’t just another ransomware.

In a centralized system, stopping an attack can be as easy as flipping a switch. However, with decentralized setups like Polygon smart contracts, teams can’t just “turn it off” as the control is baked into the core of the network.

Notably, that’s exactly what this technique is taking advantage of. And now, imagine this as part of an “emerging trend” where more attacks are likely to leverage smart contracts across other blockchain platforms.

That brings us to what Group-IB analysts are warning about.

As shown in the chart above, Google recently reported that the North Korean (DPRK) threat actor UNC5342 used a technique called “EtherHiding.” This leverages blockchains to store and retrieve payloads.

Meanwhile, another campaign used Ethereum [ETH] smart contracts which were then used to download second-stage malware. In short, the DeadLock trick with Polygon smart contracts isn’t the end of this trend.

Instead, it could be just the start of deeper smart contract abuse.

Final Thoughts

DeadLock ransomware exploits Polygon smart contracts to rotate server addresses, showing how decentralized infrastructure can be abused.
Smart contract abuse is an emerging trend, with other campaigns like UNC5342 signaling deeper threats across blockchain platforms.

İlgili Sorular

QWhat is the primary method used by DeadLock ransomware to evade detection, according to the article?

ADeadLock ransomware uses Polygon smart contracts to rotate server addresses, allowing it to evade traditional detection methods.

QWhy can't teams simply 'turn off' an attack when it uses decentralized setups like Polygon smart contracts?

ABecause the control is baked into the core of the network in decentralized setups, making it impossible to just 'turn it off' like in a centralized system.

QWhat emerging trend in malware attacks does the article highlight beyond the DeadLock case?

AThe article highlights an emerging trend where threat actors are leveraging smart contracts across various blockchain platforms to store and retrieve payloads or download malware, as seen with campaigns like UNC5342 using Ethereum smart contracts.

QWhich threat actor used a technique called 'EtherHiding' to leverage blockchains, as mentioned in the article?

AThe North Korean (DPRK) threat actor UNC5342 used a technique called 'EtherHiding' to leverage blockchains for storing and retrieving payloads.

QWhat does the abuse of Polygon smart contracts by ransomware operations raise questions about?

AIt raises questions about the security and implications for the network, as decentralized infrastructure can be exploited by threat actors, contrary to blockchain's original design to prevent abuse in centralized systems.

İlgili Okumalar

$500 to Buy OpenAI Stock: Silicon Valley's Most Respectable Liquidity Invitation

Silicon Valley's largest venture capital platform, AngelList, has launched a new fund called USVC, allowing U.S. retail investors to buy into high-profile AI companies like OpenAI, Anthropic, and xAI with a minimum investment of $500—no accredited investor status required. Promoted by AngelList co-founder Naval Ravikant, the fund is framed as an opportunity for ordinary people to access high-growth private tech investments traditionally reserved for VCs. However, critics argue it functions more like an exit vehicle for early insiders. USVC acquires shares not through primary rounds but largely via secondary transactions—purchasing stakes from early investors, VC funds, and employees looking to cash out at peak valuations. With companies like xAI heavily weighted in the portfolio, the fund effectively channels retail money into providing liquidity for insiders who entered at much lower valuations. The fund’s structure raises concerns: shares are illiquid, with no secondary market, and buybacks are limited and discretionary. The actual annual fee reaches 3.61%, far above the advertised 1% management fee. This model parallels the "low float, high fully diluted valuation" strategy seen in crypto, where early investors profit by selling to latecomers at inflated prices. The timing—alongside similar moves by platforms like Robinhood—suggests that Silicon Valley’s sudden interest in retail inclusion may be less about democratizing access and more about securing exits for insiders.

marsbit15 dk önce

$500 to Buy OpenAI Stock: Silicon Valley's Most Respectable Liquidity Invitation

marsbit15 dk önce

Bitcoin Approaches $80,000 Mark, ETF Funds Continue Inflow, Is the Crypto Market Shifting?

Bitcoin is approaching the $80,000 mark, reaching a new high since February, while Ethereum remains around $2,400 with some altcoins surging significantly. Over the past 24 hours, $462 million in futures contracts were liquidated, with shorts accounting for $353 million. The market fear and greed index has risen to 60, indicating neutral sentiment. Global risk assets continue to rebound, with U.S. stock markets hitting record highs. The S&P 500, Nasdaq, and Dow Jones all saw gains. Meanwhile, the U.S. dollar index remains stable around 98.61. Geopolitical developments, including a temporary extension of the U.S.-Iran ceasefire, have influenced market dynamics, though tensions persist. Bitcoin spot ETFs have seen six consecutive days of net inflows, with a peak single-day inflow of $663.91 million. Ethereum spot ETFs also recorded nine straight days of net inflows. Stablecoin market capitalization has risen to $320.6 billion, with a weekly net inflow of $635 million. Market analysts note that Bitcoin's recovery is supported by renewed spot demand and ETF inflows. However, high realized profits and low volatility suggest caution, with resistance expected near $80,000. Institutional and ETF-driven demand is strengthening market support, indicating a potential shift toward a new trading range with increased upward momentum.

marsbit15 dk önce

Bitcoin Approaches $80,000 Mark, ETF Funds Continue Inflow, Is the Crypto Market Shifting?

marsbit15 dk önce

Anthropic Survey of 80,000 Claude Users: Those Who Use AI to Improve Efficiency the Fastest Feel the Least Secure About the Future

Anthropic surveyed 81,000 Claude users and found a paradox: those who benefit most from AI efficiency gains—like programmers and designers—are also the most anxious about being replaced by AI. Early-career workers expressed greater job insecurity than senior professionals. High-wage and low-wage occupations reported the largest productivity improvements, often through task scope expansion. Nearly half of users cited expanded capabilities as the key benefit, while 40% highlighted increased speed. However, those experiencing the greatest speed boosts reported higher levels of anxiety about job displacement. The findings suggest that AI’s economic impact is already affecting the labor market psychologically, even as many individuals report personal gains from AI use.

marsbit54 dk önce

Anthropic Survey of 80,000 Claude Users: Those Who Use AI to Improve Efficiency the Fastest Feel the Least Secure About the Future

marsbit54 dk önce

US Military Confirms Running Bitcoin Node, Four-Star General Calls It a 'Power Projection Tool'

U.S. Indo-Pacific Command (INDOPACOM) Commander Admiral Samuel Paparo has confirmed that the military command is operating a Bitcoin network node and conducting cybersecurity tests using the protocol. In testimonies before the Senate and House Armed Services Committees, Paparo characterized Bitcoin not as a financial asset but as a "computer science tool" and a "tool of national power." He emphasized its value in cybersecurity, particularly the proof-of-work mechanism, which imposes physical costs on attackers and can be applied in both offensive and defensive cyber operations. This marks a significant shift in the Pentagon’s narrative, moving from targeting illicit finance to recognizing Bitcoin as a technology with national security implications. INDOPACOM is not mining Bitcoin but is using the node for monitoring and operational testing. The move signals the U.S. military’s direct participation in the Bitcoin network and reflects growing geopolitical interest in the protocol’s strategic potential.

marsbit1 saat önce

US Military Confirms Running Bitcoin Node, Four-Star General Calls It a 'Power Projection Tool'

marsbit1 saat önce

Contract Audit Passed, Thermometer Did Not: Polymarket's 'Physical Vulnerability' Moment

According to reports, an individual manipulated temperature sensors at Paris Charles de Gaulle Airport (LFPG) on April 6th and 15th, causing brief, anomalous spikes of over 3°C. These events were allegedly orchestrated to profit from corresponding low-probability bets on the prediction market Polymarket, turning a small investment into approximately $34,000. The French national meteorological service, Météo-France, filed a criminal lawsuit after discovering signs of physical tampering. The attack required minimal technical skill; the perpetrator reportedly used a battery-powered hairdryer to briefly heat the publicly accessible sensor. Polymarket’s market for Paris temperature settles based on the day's highest recorded temperature from a data chain that runs from the physical sensor to Météo-France, to Weather Underground, and finally to its smart contract. In response, Polymarket did not void the profits or make an official statement. It silently changed the data source for its Paris market from LFPG to Le Bourget Airport (LFPB), a location with similarly unprotected sensors. This incident highlights a critical vulnerability: while the smart contracts are audited and secure, the physical data sources feeding them remain exposed and easy to manipulate.

marsbit1 saat önce

Contract Audit Passed, Thermometer Did Not: Polymarket's 'Physical Vulnerability' Moment

marsbit1 saat önce

İşlemler

Spot

Futures