DeadLock ransomware leverages Polygon smart contracts to evade tracking.
TechFlame
14 hours ago
TechFlame reports that, according to Group-IB monitoring, the DeadLock ransomware family is using Polygon smart contracts to distribute and rotate proxy server addresses in order to evade security detection. First discovered in July 2025, the malware embeds JavaScript code in HTML files that interacts with the Polygon network, using RPC lists as gateways to obtain server addresses controlled by the attackers. The technique is similar to the previously identified EtherHiding: it uses decentralized ledgers to build covert communication channels that are difficult to block. DeadLock has already spawned at least three variants, and the latest version also embeds the encrypted communication app Session to communicate directly with victims.
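A defender-side triage heuristic for the technique described above, as an added example that is not from Group-IB or the original report: it extracts inline scripts from an HTML file and flags the co-occurrence of an EVM JSON-RPC read method, a contract-style address and several gateway URLs. The indicator patterns, the threshold and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators: assumptions for this example, not IoCs from the report.
RPC_METHOD = re.compile(r"\beth_(?:call|getStorageAt|getLogs)\b")  # EVM JSON-RPC reads
EVM_ADDRESS = re.compile(r"\b0x[0-9a-fA-F]{40}\b")                 # 20-byte address
URL = re.compile(r"https?://[^\s'\"<>]+")
GATEWAY_HINT = re.compile(r"polygon|rpc", re.I)

class ScriptCollector(HTMLParser):
    """Collects the text of every inline <script> element."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def scan_html(html):
    """Return the indicators found in inline scripts plus a combined verdict."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    js = "\n".join(parser.scripts)
    found = {
        "rpc_methods": sorted(set(RPC_METHOD.findall(js))),
        "contract_addresses": sorted(set(EVM_ADDRESS.findall(js))),
        "gateway_urls": sorted({u for u in URL.findall(js) if GATEWAY_HINT.search(u)}),
    }
    # A single indicator is weak; flag only a read call + address + a list of gateways.
    found["suspicious"] = bool(found["rpc_methods"] and found["contract_addresses"]
                               and len(found["gateway_urls"]) >= 2)
    return found

# Constructed sample input (inert strings, placeholder hosts and address).
SAMPLE_ADDR = "0x" + "ab" * 20
SAMPLE_FLAGGED = (
    "<html><body><script>\n"
    'const gateways = ["https://rpc-one.example.invalid", "https://polygon-two.example.invalid"];\n'
    'const req = {jsonrpc: "2.0", method: "eth_call", params: [{to: "' + SAMPLE_ADDR + '"}, "latest"]};\n'
    "</script></body></html>")
SAMPLE_BENIGN = ('<html><script src="https://cdn.example.invalid/app.js"></script>'
                 '<script>fetch("https://api.example.invalid/rpc/status")</script></html>')
```

Legitimate Web3 pages match the same pattern, so the verdict is a triage signal for HTML files found where no dApp is expected, not proof of compromise.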