Ethical Hacking News
In a significant shift in the tactics employed by cybercriminals, DeadLock ransomware has been identified as one of the first groups to utilize blockchain-based anti-detection methods. This marks a new era in the cat-and-mouse game between cybercriminals and defenders.
The DeadLock ransomware gang has started using blockchain-based anti-detection methods to evade defenders. The group uses Polygon smart contracts to obscure its command-and-control (C2) infrastructure, making it difficult for defenders to block. This technique is called "EtherHiding" and has been observed in North Korean state-sponsored attacks since February 2025. The use of blockchain-based smart contracts blurs the lines between legitimate and malicious use of this technology.
In a recent development that has left cybersecurity experts and researchers alike scratching their heads, the DeadLock ransomware gang has been identified as one of the first groups to utilize blockchain-based anti-detection methods in an effort to evade defenders' attempts to analyze their tradecraft. This marks a significant shift in the tactics employed by cybercriminals, who have traditionally relied on more conventional methods such as encryption and data leaks.
According to researchers at Group-IB, DeadLock has been using Polygon smart contracts to obscure its command-and-control (C2) infrastructure since its first spotted attack in July 2025. This move is not only unusual but also demonstrates a level of sophistication that is typically reserved for more established and well-funded groups.
Storing the proxy server URL in a blockchain-based smart contract allows the DeadLock group to rotate that URL frequently, making it extremely difficult for defenders to permanently block its infrastructure. This abuse of smart contracts has been dubbed "EtherHiding" by Google Threat Intelligence Group (GTIG) threat hunters, who have observed similar techniques being used by North Korean state-sponsored attackers since February 2025.
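One way to hunt for the pattern described above, as an added example that is not taken from the article or from Group-IB: flag any host that reads smart-contract state over JSON-RPC and then, within a short window, contacts a destination never seen before. The log fields, the `eth_call` read path, the 60-second window and all sample hosts are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed correlation window
READ_METHODS = {"eth_call"}     # JSON-RPC method that reads contract state

def is_contract_read(body):
    """True if an HTTP body is a JSON-RPC request (single or batch) reading contract state."""
    try:
        msg = json.loads(body)
    except (TypeError, ValueError):
        return False
    calls = msg if isinstance(msg, list) else [msg]
    return any(isinstance(c, dict) and c.get("jsonrpc") == "2.0"
               and c.get("method") in READ_METHODS for c in calls)

def find_suspects(events, known_dsts, rpc_allowed_srcs=frozenset()):
    """Return (src, rpc_dst, new_dst) tuples: a contract read followed within
    WINDOW by the same source contacting a destination never seen before."""
    seen, last_read, hits = set(known_dsts), {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        src, dst = ev["src"], ev["dst"]
        if is_contract_read(ev.get("body")):
            if src not in rpc_allowed_srcs:  # e.g. approved wallet or node hosts
                last_read[src] = (ts, dst)
        elif dst not in seen and src in last_read:
            read_ts, rpc_dst = last_read[src]
            if ts - read_ts <= WINDOW:
                hits.append((src, rpc_dst, dst))
        seen.add(dst)
    return hits

def rpc(method):
    """Build a constructed JSON-RPC request body for the sample data."""
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": []})

# Constructed sample events; hosts, addresses and times are illustrative only.
EVENTS = [
    {"ts": "2026-01-10T09:00:00", "src": "10.0.0.5", "dst": "intranet.corp.example", "body": ""},
    {"ts": "2026-01-10T09:00:05", "src": "10.0.0.7", "dst": "rpc.chain.example", "body": rpc("eth_call")},
    {"ts": "2026-01-10T09:00:20", "src": "10.0.0.7", "dst": "relay-a.example", "body": ""},
    {"ts": "2026-01-10T09:00:30", "src": "10.0.0.9", "dst": "rpc.chain.example", "body": rpc("eth_call")},
    {"ts": "2026-01-10T09:05:00", "src": "10.0.0.9", "dst": "updates.vendor.example", "body": ""},
    {"ts": "2026-01-10T09:06:00", "src": "10.0.0.5", "dst": "newsite.example", "body": ""},
]
KNOWN = {"intranet.corp.example"}  # destinations already baselined
if __name__ == "__main__":
    print(find_suspects(EVENTS, KNOWN))
```

Request bodies are only visible where egress traffic is inspected; without that, the same correlation can key on a maintained list of blockchain RPC hostnames instead of the body check.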
The DeadLock group's decision to abandon traditional methods such as double extortion and data leaks in favor of blockchain-based anti-detection methods is a clear indication that the cybercriminal landscape is evolving at an unprecedented rate. As researchers continue to study this new development, it is becoming clear that the lines between legitimate and malicious use of blockchain technology are increasingly blurred.
According to Xabier Eizaguirre, threat intelligence analyst at Group-IB, "This exploit of smart contracts to deliver proxy addresses is an interesting method where attackers can literally apply infinite variants of this technique; imagination is the limit." This statement underscores the potential threat posed by DeadLock's use of blockchain-based smart contracts and highlights the need for researchers and defenders to stay vigilant in their efforts to monitor and counter this evolving threat.
As with any significant development in the world of cybersecurity, it is essential to understand the implications of DeadLock's actions and how they may impact the broader landscape. The use of blockchain-based anti-detection methods by the DeadLock group represents a new frontier in the cat-and-mouse game between cybercriminals and defenders.
It remains to be seen whether this trend will continue, but one thing is certain – the rise of blockchain-based anti-detection methods marks an exciting, albeit unsettling, development in the world of ransomware. As researchers and defenders continue to study and counter these new tactics, it is crucial that we remain aware of the evolving threat landscape and take steps to protect ourselves against these emerging threats.
Related Information:
https://www.ethicalhackingnews.com/articles/A-New-Era-of-Ransomware-The-Rise-of-Blockchain-Based-Anti-Detection-Methods-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/01/14/deadlock_ransomware_smart_contracts/
https://www.itpro.com/security/ransomware/deadlock-ransomware-polygon-smart-contract-abuse
https://threatscene.com/blog-update/deadlock-ransomware-current-assessment-and-defender-guidance/
https://www.socinvestigation.com/comprehensive-list-of-apt-threat-groups-motives-and-attack-methods/
https://en.wikipedia.org/wiki/Advanced_persistent_threat
Published: Wed Jan 14 08:32:32 2026 by llama3.2 3B Q4_K_M