A security research organization recently disclosed a serious blockchain-related threat: a ransomware family called DeadLock is abusing Polygon smart contracts to hide its true intentions.
Most importantly, this malware has abandoned the traditional hard-coded command-and-control (C2) server model and instead delivers commands in a decentralized way through smart contracts, which significantly increases the difficulty of security defenses.
Attackers leverage the immutability and pseudo-anonymous properties of blockchain to embed malicious instructions into contracts. Infected devices periodically query these contracts to obtain the latest attack commands. Compared to traditional C2 infrastructure, which is easier to track and shut down, this on-chain command distribution mechanism is nearly invulnerable.
This incident reflects a reality: the openness of public chains like Polygon, while enabling innovation, is also exploited by malicious actors. The security protection of the Web3 ecosystem needs to be reconsidered.
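An added defender-side illustration, not part of the original post and not derived from DeadLock samples: because infected devices periodically query a contract, that polling can surface as evenly spaced `eth_call` requests to a Polygon RPC endpoint from a process that has no reason to talk to one. The log layout, endpoint list, process allowlist, thresholds and sample lines below are assumptions constructed for this example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Assumptions, not from the post: log layout, endpoint list, allowlist, thresholds.
RPC_HOSTS = {"polygon-rpc.com"}                 # Polygon JSON-RPC endpoints to watch
EXPECTED_PROCS = {"chrome.exe", "firefox.exe"}  # wallet-capable browsers
MIN_CALLS, MAX_JITTER = 4, 0.2                  # min requests; max stdev/mean of gaps

# Constructed sample: time host process dest-host JSON-RPC-method contract(placeholder)
SAMPLE_LOG = """\
2025-01-10T09:00:00 ws-17 svchelper.exe polygon-rpc.com eth_call 0xPLACEHOLDER_A
2025-01-10T09:10:02 ws-17 svchelper.exe polygon-rpc.com eth_call 0xPLACEHOLDER_A
2025-01-10T09:19:58 ws-17 svchelper.exe polygon-rpc.com eth_call 0xPLACEHOLDER_A
2025-01-10T09:30:01 ws-17 svchelper.exe polygon-rpc.com eth_call 0xPLACEHOLDER_A
2025-01-10T09:40:00 ws-17 svchelper.exe polygon-rpc.com eth_call 0xPLACEHOLDER_A
2025-01-10T09:00:05 ws-04 chrome.exe polygon-rpc.com eth_call 0xPLACEHOLDER_B
2025-01-10T09:05:05 ws-04 chrome.exe polygon-rpc.com eth_call 0xPLACEHOLDER_B
2025-01-10T09:10:05 ws-04 chrome.exe polygon-rpc.com eth_call 0xPLACEHOLDER_B
2025-01-10T09:15:05 ws-04 chrome.exe polygon-rpc.com eth_call 0xPLACEHOLDER_B
2025-01-10T09:01:00 ws-22 python.exe polygon-rpc.com eth_call 0xPLACEHOLDER_C
2025-01-10T09:03:10 ws-22 python.exe polygon-rpc.com eth_call 0xPLACEHOLDER_C
2025-01-10T09:41:00 ws-22 python.exe polygon-rpc.com eth_call 0xPLACEHOLDER_C
2025-01-10T10:15:30 ws-22 python.exe polygon-rpc.com eth_call 0xPLACEHOLDER_C
"""

def find_contract_beacons(log_text):
    """Flag (host, process, contract) triples that read a contract on a fixed cadence."""
    series = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        ts, host, proc, dest, method, contract = parts
        if dest in RPC_HOSTS and method == "eth_call" and proc.lower() not in EXPECTED_PROCS:
            series[(host, proc, contract)].append(datetime.fromisoformat(ts))
    findings = []
    for (host, proc, contract), times in sorted(series.items()):
        if len(times) < MIN_CALLS:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Low relative spread of the gaps means timer-driven polling, not a human.
        jitter = statistics.pstdev(gaps) / mean if mean else 1.0
        if jitter <= MAX_JITTER:
            findings.append({"host": host, "process": proc, "contract": contract,
                             "calls": len(times), "interval_s": round(mean)})
    return findings
```

On the constructed sample only `ws-17` is flagged: the browser traffic is allowlisted and the `python.exe` reads are too irregular to look timer-driven.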
GhostAddressMiner
· 8h ago
I directly checked the DeadLock contract address, and the fund flow has already split into three lines. The early dormant wallets suddenly became active, which is suspicious.
SilentAlpha
· 8h ago
Oh my, this move is brilliant. Using smart contracts as C2 servers is really tough.
Something's not right. Polygon being so open is like handing a knife to bad actors.
The name DeadLock... is a bit harsh.
On-chain distributed commands, the defense side is directly GG.
This is the dark side of Web3, where innovation and risk are always a double-edged sword.
PumpingCroissant
· 8h ago
Damn, this is truly foolproof. The on-chain C2 trick is brilliant.
---
Polygon has been used as a hacking tool, and security issues really need to be taken seriously.
---
Basically, the openness of Web3 has been exploited in reverse. Innovation and risk are always hard to balance.
---
DeadLock directly puts ransomware on the chain. This idea... is a bit ruthless.
---
No wonder traditional defense tactics don't work. This decentralized command system is indeed hard to trace.
---
Another "creative" black industry case. Our ecosystem still needs to think more about countermeasures.
probably_nothing_anon
· 9h ago
Damn, hackers are starting to use on-chain instructions now. The defense really needs to be upgraded.
DeadLock's approach is brilliant—directly moving C2 on-chain, making it impossible to trace.
But honestly, it's the cost of the Polygon ecosystem. When you open up, you have to accept this kind of thing.
Polygon is being forced to take the blame. They really need to think of a solution.
If this becomes widespread, security defense will become hellishly difficult.
The scary part is that in the future, every public chain will have to defend against this kind of thing.
So is Web3 just a big honeypot or what...
This approach is actually quite clever—immutable chain, high tracing cost... Defense is really tough.
Contract-based C2, indeed there is no such thing as absolute security.
ResearchChadButBroke
· 9h ago
Oh my god, Polygon was used as a command center by hackers, this is too outrageous
---
The contract has truly become a C2 server, blockchain anonymity is indeed a double-edged sword
---
The name DeadLock... is a bit arrogant, isn't it?
---
On-chain command distribution can't be stopped, traditional firewalls need retraining
---
Openness is being abused, is this the cost of Web3?
---
Wait, does this mean our smart contracts could be invisible?
---
Polygon will have to take the blame this time, but honestly, the entire ecosystem needs reflection
---
Ransomware has evolved, what's next? Even DAOs are compromised
---
Immutability has become a safe for malicious commands, how ironic
---
These hackers are really good at playing, using our technology against us