The worm was controlled by an uncommon mechanism that was designed to be tamper proof. It used an Internet Computer Protocol-based canister, a form of self-enforcing smart contract designed to be impossible for third parties to take down or alter. The canister could point to ever-changing URLs for servers hosting malicious binaries. By giving the attackers a way for the worm to find control servers, the attackers can constantly swap out URLs at any time. Infected machines reported to the canister once every 50 minutes.

In an email, Aikido researcher Charlie Eriksen said the canister was taken down Sunday night and is no longer available.

Wow crypto is such a disappointment