A hacker attempted to exploit Polygon and Fantom users by producing a phishing pop-up. The attacker was able to do this as he had accessed Polygon and Fantom’s remote procedure call (RPC) interfaces via the Web3 infrastructure platform Ankr. He tricked a third-party domain name system (DNS) provider into giving access to Polygon and Fantom’s domains.
The pop-up directed users to malicious websites created to steal the keys to their digital wallets. Chandler Song, the Ankr co-founder, highlighted that the attack began with a breach at Ankr’s DNS provider Gandi. He said the attacker social-engineered the customer service at Gandi by posing as an Ankr employee. Song revealed that the attacker had the entire corporate email address changed on Gandi.
A pair of codes that Ankr, an infrastructure firm, offers the Polygon and Fantom communities was affected. The hacker sent users an error message that directed them to a website where they were instructed to connect their crypto wallets. Song described this as a “phishing scam”. He hopes that no user clicked on the websites. The executive said that so far, they haven’t heard of anyone clicking on the websites.
However, Song lashed out at Gandi’s security practices. He said it was too easy for the hacker to successfully impersonate an Ankr employee. Song pointed out that Ankr had already ditched Gandi as its DNS provider for its free Polygon and Fantom RPC service.
Sandeep Nailwal, the Polygon co-founder, assured users that the Polygon blockchain was running without issues. Furthermore, Mudit Gupta – the chief information security officer – said they are looking into longer-term solutions that would prevent a repeat of Friday’s breach. Polygon is working on a more centralized alternative as a research project and a foundation-owned RPC node for more reliability.