PANews reported on January 16th that, according to Cointelegraph, researchers at cybersecurity firm Group-IB discovered a ransomware program called "DeadLock" that is using Polygon smart contracts to hide itself and rotate proxy addresses. First discovered last July, the ransomware calls specific smart contracts to dynamically update the addresses of the command-and-control infrastructure it uses to communicate with victims. Once a victim is infected and their data is encrypted, DeadLock sends a ransom note threatening to sell the stolen data if its demands are not met.
Researchers point out that storing proxy addresses on-chain makes the infrastructure extremely difficult to take down, because there is no central server that can be shut down and blockchain data is permanently stored on nodes worldwide. This method of abusing smart contracts to pass proxy addresses lends itself to many variations. Although DeadLock currently has low visibility and a limited number of known victims, its novel attack methods still pose a potential threat to organizations that do not take it seriously.
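Because the on-chain record cannot be removed, defenders have to watch for the lookup itself. The following added example (not from Group-IB or the original report) scans egress-proxy records for `eth_call` JSON-RPC requests, the standard read-only contract call on Ethereum-compatible chains such as Polygon, from hosts with no reason to query a blockchain node. The log schema, host names, endpoint and contract placeholder are constructed, and it assumes the proxy can see request bodies.

```python
import json
from collections import defaultdict

# Hosts with a legitimate reason to query blockchain nodes (hypothetical name).
ALLOWED_HOSTS = {"treasury-01"}

def contract_reads(body):
    """Yield the target contract of every eth_call in a JSON-RPC body (single or batch)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return  # body absent or not JSON: not a JSON-RPC request
    for req in doc if isinstance(doc, list) else [doc]:
        if not isinstance(req, dict) or req.get("method") != "eth_call":
            continue
        params = req.get("params") or [{}]
        call = params[0] if isinstance(params, list) and isinstance(params[0], dict) else {}
        yield str(call.get("to", "unknown")).lower()

def flag_hosts(log_lines, allowed=ALLOWED_HOSTS):
    """Map each non-allowlisted source host to the (endpoint, contract) pairs it read."""
    hits = defaultdict(set)
    for line in log_lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip malformed log lines
        if not isinstance(rec, dict) or str(rec.get("src")) in allowed:
            continue
        for contract in contract_reads(rec.get("body")):
            hits[str(rec.get("src", "unknown"))].add((rec.get("dest"), contract))
    return dict(hits)

# Constructed sample data: one JSON record per proxied POST (assumed schema).
CALL_BODY = {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
             "params": [{"to": "0xPLACEHOLDER_CONTRACT", "data": "0x"}, "latest"]}
BLOCK_BODY = [{"jsonrpc": "2.0", "id": 1, "method": "eth_blockNumber", "params": []}]
RPC = "rpc.example.invalid"
SAMPLE = [
    json.dumps({"src": "ws-014", "dest": RPC, "body": json.dumps(CALL_BODY)}),
    json.dumps({"src": "treasury-01", "dest": RPC, "body": json.dumps(CALL_BODY)}),
    json.dumps({"src": "ws-022", "dest": RPC, "body": json.dumps(BLOCK_BODY)}),
    json.dumps({"src": "ws-030", "dest": "intranet.example.invalid", "body": "a=1&b=2"}),
    "truncated log line",
]

if __name__ == "__main__":
    for host, reads in flag_hosts(SAMPLE).items():
        print(host, sorted(reads))
```

A hit is a lead to triage rather than a verdict, since browser wallets and developer tools also issue `eth_call`; the contract address collected per host is what allows comparison against published indicators.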
