Polygon smart contracts under attack, but the real danger may be just starting!

ambcryptoОпубліковано о 2026-01-17Востаннє оновлено о 2026-01-17

Анотація

Blockchain technology's growth is increasingly exploited by threat actors, as evidenced by the DeadLock ransomware. This group uses Polygon smart contracts to dynamically rotate server addresses, making their infrastructure more resilient and evading traditional disruption methods. This highlights a concerning shift where decentralized systems, originally designed to prevent centralized abuse, are now being weaponized. Security firm Group-IB warns this is part of an emerging trend, citing similar campaigns like North Korea's UNC5342 using "EtherHiding" on Ethereum. The abuse of smart contracts for malware distribution and ransomware operations signals a deeper, growing threat to blockchain networks.

As blockchain adoption continues to grow, so does its misuse.

At a fundamental level, the technology is widely used to improve liquidity and efficiency across industries. However, threat actors are now leveraging it to make their infrastructure more resilient and harder to disrupt.

DeadLock ransomware is a clear example of this shift. According to Group-IB research, DeadLock uses Polygon [POL] smart contracts to rotate server addresses, allowing it to evade traditional detection methods.

Naturally, this puts the broader decentralization narrative under scrutiny.

In this case, Polygon smart contracts are the ones under pressure. Why does this matter? Blockchain technology was originally designed to prevent the kind of abuse historically seen in traditional, centralized systems.

However, the use of Polygon smart contracts to support ransomware operations shows that decentralized infrastructure can also be exploited by threat actors, raising the question: What does this mean for the network?

Polygon smart contracts – Part of an emerging malware trend

Looking closely, DeadLock isn’t just another ransomware.

In a centralized system, stopping an attack can be as easy as flipping a switch. However, with decentralized setups like Polygon smart contracts, teams can’t just “turn it off” as the control is baked into the core of the network.

Notably, that’s exactly what this technique is taking advantage of. And now, imagine this as part of an “emerging trend” where more attacks are likely to leverage smart contracts across other blockchain platforms.

That brings us to what Group-IB analysts are warning about.

As shown in the chart above, Google recently reported that the North Korean (DPRK) threat actor UNC5342 used a technique called “EtherHiding.” This leverages blockchains to store and retrieve payloads.

Meanwhile, another campaign used Ethereum [ETH] smart contracts which were then used to download second-stage malware. In short, the DeadLock trick with Polygon smart contracts isn’t the end of this trend.

Instead, it could be just the start of deeper smart contract abuse.

Final Thoughts

DeadLock ransomware exploits Polygon smart contracts to rotate server addresses, showing how decentralized infrastructure can be abused.
Smart contract abuse is an emerging trend, with other campaigns like UNC5342 signaling deeper threats across blockchain platforms.

Пов'язані питання

QWhat is the primary method used by DeadLock ransomware to evade detection, according to the article?

ADeadLock ransomware uses Polygon smart contracts to rotate server addresses, allowing it to evade traditional detection methods.

QWhy can't teams simply 'turn off' an attack when it uses decentralized setups like Polygon smart contracts?

ABecause the control is baked into the core of the network in decentralized setups, making it impossible to just 'turn it off' like in a centralized system.

QWhat emerging trend in malware attacks does the article highlight beyond the DeadLock case?

AThe article highlights an emerging trend where threat actors are leveraging smart contracts across various blockchain platforms to store and retrieve payloads or download malware, as seen with campaigns like UNC5342 using Ethereum smart contracts.

QWhich threat actor used a technique called 'EtherHiding' to leverage blockchains, as mentioned in the article?

AThe North Korean (DPRK) threat actor UNC5342 used a technique called 'EtherHiding' to leverage blockchains for storing and retrieving payloads.

QWhat does the abuse of Polygon smart contracts by ransomware operations raise questions about?

AIt raises questions about the security and implications for the network, as decentralized infrastructure can be exploited by threat actors, contrary to blockchain's original design to prevent abuse in centralized systems.

Пов'язані матеріали

Cook's Curtain Call and Ternus Takes the Helm: The Disruption and Reboot of Apple's 4 Trillion Dollar Empire

Tim Cook has officially announced he will step down as CEO of Apple in September, transitioning to executive chairman after a 15-year tenure during which he grew the company’s market value from around $350 billion to nearly $4 trillion. He will be succeeded by John Ternus, a 50-year-old hardware engineering veteran who has been groomed for the role through increasing public visibility and internal responsibility. Ternus’s appointment signals a strategic shift toward hardware and engineering leadership, with Johny Srouji—head of Apple Silicon—taking on an expanded role as Chief Hardware Officer. This consolidation aims to strengthen Apple’s core technological capabilities. However, Cook’s departure highlights a significant unresolved issue: Apple’s delayed and fragmented approach to artificial intelligence. Despite early efforts, such as hiring John Giannandrea from Google in 2018, Apple’s AI initiatives—particularly around Siri—have struggled with internal restructuring and reliance on external partnerships, including with Google. The transition comes at a critical moment as Apple faces paradigm shifts with the rise of artificial general intelligence (ASI). The company’s closed ecosystem of hardware, software, and services—once a major advantage—now presents challenges in adapting to an AI-centric world where intelligence may matter more than the device itself. Ternus must quickly articulate a clear AI strategy, possibly starting at WWDC, to reassure markets and redefine Apple’s role in a new technological era. His task is not only to maintain Apple’s operational excellence but also to reinvigorate its capacity to innovate and lead in the age of AI.

marsbit48 хв тому

Cook's Curtain Call and Ternus Takes the Helm: The Disruption and Reboot of Apple's 4 Trillion Dollar Empire

marsbit48 хв тому

W3.io and Space and Time Collaborate to Launch Verifiable AI Finance Infrastructure

W3.io and Space and Time have partnered to launch a verifiable AI finance infrastructure designed to address the accountability gap in autonomous financial operations. The collaboration combines W3’s platform for creating and automating agent-powered financial workflows with Space and Time’s verifiable data blockchain, ensuring end-to-end proof from execution to settlement. This two-layer verification system processes over 200,000 operations daily and has been validated in production by Creatorland, a platform serving 100,000 content creators. The partnership enables businesses to deploy multi-vendor financial processes quickly and auditably, with support from integrations including Circle, Stripe, and PayPal. The system provides a trust layer for autonomous financial movements, ensuring data integrity and operational transparency beyond traditional cloud databases.

TheNewsCrypto3 год тому

W3.io and Space and Time Collaborate to Launch Verifiable AI Finance Infrastructure

TheNewsCrypto3 год тому

New York AG Sues Coinbase, Gemini Over Alleged State Law Violations

New York Attorney General Letitia James has filed a lawsuit against Coinbase and Gemini, alleging their prediction markets violate state gambling laws. The complaint argues these platforms operate as unlicensed gambling activities since outcomes rely on chance, not skill. Both companies are also accused of allowing users under 21, the legal age for mobile sports betting in New York. The suit seeks restitution for customers, repayment of illegal profits, civil penalties, and restrictions on marketing, including a ban on promoting services on college campuses. Following the news, Coinbase's stock fell roughly 10%, while Gemini's dropped about 4%.

bitcoinist4 год тому

New York AG Sues Coinbase, Gemini Over Alleged State Law Violations

bitcoinist4 год тому

Crypto Extortion Hits Strait Of Hormuz As Scammers Exploit Shipping Crisis

An emerging crypto extortion scam is targeting shipping companies with vessels stranded near the Strait of Hormuz, according to maritime risk firm Marisks. Criminals posing as Iranian security officials are sending fraudulent messages offering safe passage in exchange for transit fees paid in Bitcoin or Tether. The scam exploits desperation amid the ongoing regional conflict, which has severely restricted movement through the critical waterway. Victims are instructed to submit documents and pay a cryptocurrency fee to secure transit. However, the messages are not from Iranian authorities. Paying could not only result in financial loss but also potentially violate international sanctions, as any crypto transfer linked to Iranian entities may be considered material support. Legal risks remain even if companies are defrauded. The scheme appears to capitalize on earlier reports that Iran was considering a real crypto-based toll system.

bitcoinist7 год тому

Crypto Extortion Hits Strait Of Hormuz As Scammers Exploit Shipping Crisis

bitcoinist7 год тому

MIT Researcher Proposes New Path To Make Bitcoin Quantum-Safe

MIT Digital Currency Initiative director Neha Narula proposes a practical, staged approach to make Bitcoin quantum-safe. She argues that Bitcoin should immediately implement low-risk defenses through a soft fork, rather than waiting for full consensus on more complex issues. Her recommended solution involves deploying a post-quantum output type like P2MR (BIP 360) along with a new quantum-resistant signature opcode. This would allow users to securely migrate their funds to quantum-resistant addresses, provided they avoid address exposure. While this doesn’t resolve all challenges—such as how to handle inactive or lost coins—Narula emphasizes that immediate action reduces risk and provides time to gather data before a cryptographically relevant quantum computer emerges. She dismisses alternative proposals as impractical for broad use and acknowledges tradeoffs, such as reduced privacy efficiency, but insists progress shouldn’t be delayed by unresolved governance debates.

bitcoinist8 год тому

MIT Researcher Proposes New Path To Make Bitcoin Quantum-Safe

bitcoinist8 год тому

Торгівля

Спот

Ф'ючерси