Is Polygon Under Attack? Hackers Target Polygon and Fantom

2 years ago 108

The post Is Polygon Under Attack? Hackers Target Polygon and Fantom appeared first on Coinpedia - Fintech & Cryptocurreny News Media| Crypto Guide

Ankr, a provider of blockchain infrastructure, announced on Friday that hackers were targeting some of the services it offered to Polygon and Fantom. Ankr reported that they are looking into their Polygon and Fantom Foundation Remote Procedure Calls on their Twitter account (RPC). They also offered temporary replacement RPCs. RPCs are a type of software communication tool used to transfer data between networks.

The chief information security officer at 0xPolygon, Mudit Gupta, revealed on Twitter that a DNS hijack has compromised Ankr’s RPC gateway for Polygon (polygon-rpc.com) and Fantom (rpc.ftm.tools). He further said that his business has no control over the services rendered by third parties.

Public RPC gateway provided by Ankr for Polygon (https://t.co/NEQW6sEUKe) and Fantom (https://t.co/apZkmh2ERA) were comprised via DNS hijack earlier today.

Polygon and Fantom foundation have no control over services provided by others.

Use Alchemy or others while this is fixed.

— Mudit Gupta (@Mudit__Gupta) July 1, 2022

Users Urged Not to Use The Network

Additionally, Fantom has urged its users not to make use of the hacked RPC. Gupta acknowledged working with Ankr and advised using Alchemy RPCs up until the problem is fixed. He also emphasized that Polygon is developing its own RPC in order to increase reliability.

The Polygon and Fantom networks are not available on Ambire Wallet’s wallets, it was disclosed. Users have also been urged by QuickSwap DEX to avoid using the compromised networks until additional details are available.

Attention please, attack on @0xPolygon is ongoing right now!

Users see an RPC error asking users to urgently reset their seed on polygonapp net (looks like this is wether DNS hijack or a form of a supply chain attack).

Just a scam popup to bring you to a page to put your seed. pic.twitter.com/fZxtlkKeDN

— CIA Officer (@officer_cia) July 1, 2022

An error message urging users to transfer their payments to polygonapp[.]net is displayed to users of the hacked RPC. The fraud redirects customers to another page where they can enter their seed.

It’s unknown how much harm the attack caused. However, a long list of security flaws that Web3 companies must fix has recently been expanded to include a new attack vector that targets RPC endpoints.

The attack also follows a number of significant cryptocurrency attacks that occurred in July. The greatest target last month was Harmony, a decentralized exchange, when $100 million in platform funds were taken.

Bored Ape and Otherside NFT projects’ Discords were hijacked, while an exploit cost the Ethereum-based DeFi platform Inverse Finance $1.2 million.

Read Entire Article