Polygon, Fantom Suffer DNS Attack

Uno

Polygon’s Chief Information Security Officer, Mudit Gupta, announced on Friday that Ankr, its network’s node infrastructure provider, suffered a domain name system (DNS) attack.

The attackers were able to hijack the RPCs of two crypto-related platforms, Polygon and Fantom. According to available information, the hackers could be looking to trick users into providing their wallet seed phrases.

RPCs (remote procedure calls) are a type of software communication tool used to transfer data between networks.

Ankr revealed that it was working on the issues raised by community members, while advising them to use other RPCs as alternatives to the compromised ones.

A tweet update from Ankr cofounder Chandler Song revealed that the hack was “caused by @gandibar changing their customers’ email addresses without their approval.”

Gandibar is a popular domain name registrar.

Sandeep, Polygon co-founder, confirmed that its users’ funds were safe, while also advising them to use other RPC providers such as Infura.

Polygon Attackers Asked For Seed Phrase

Available details indicated that users of the compromised RPC received an error message directing them to immediately transfer their funds to another platform at the address polygonapp[.]net.

From there, they were redirected to an entirely different page asking for their seed phrase.

Malicious players are always devising new methods and plans to defraud unsuspecting individuals. Earlier today, the U.S. Department of Justice indicted six individuals for their roles in various crypto crimes.

Other Crypto Projects Suffered Similar Attacks

Notably, a similar DNS attack happened on June 24, with several DeFi projects being hijacked. Some of the affected projects were Convex Finance, Ribbon Finance, Allbridge, and DeFisaver.

According to available information on that attack, the affected projects were all using Namecheap as their domain registrar.

A tweet from Richard Kirkendall, the CEO of Namecheap, revealed that the attack was traced to a “specific CS agent that was either hacked or compromised.” However, the firm has “removed all access from this agent.”