Hackers aimed at one of blockchain’s most innovative companies this week, targeting services provided to Polygon and Fantom. Blockchain infrastructure company Ankr on Friday shared this information.
Anker announced on Twitter that their team is currently investigating their Polygon and Fantom Foundation Remote Procedure Calls (RPC). In the meantime, they have provided alternate options for those who need them.
The RPC is a software communication program used to exchange information across different networks.
We are investigating some reported issues on our community @0xPolygon and @FantomFDN RPCs.
‼ï¸For the time being, please use https://t.co/LcnNn1OIWH and https://t.co/LrPIztRL1y
— Ankr (@ankr) July 1, 2022
Polygon Under Attack
The chief information security officer of 0xPolygon, Mudit Gupta, revealed on Twitter that the company’s gateway for Polygons (polygon-rpc.com) and Fantoms (rpc.ftm.tools) were compromised due to a DNS hijack. He also stressed that his company has no control over services provided by others.
Fantom has asked its users not to use the compromised RPC, which could allow hackers access to your system.
Gupta has been working with Ankr and suggested using Alchemy RPCs until they resolve this issue. He also said that Polygons’ team is hard at work creating their own remote procedure call (RPC) to ensure more reliability.
Whereas Ambire Wallet has revealed that the Polygon and Fantom networks are unavailable on their wallets. QuickSwap DEX has also requested that users not use the compromised networks until they have more information.
Due to issue with RPC endpoints, @0xPolygon and @FantomFDN networks are currently not functioning in Ambire.
Ambire is not vulnerable to this issue and funds are safe.
It's just an availability issue until the infrastructure is up and running https://t.co/vWxyag51Wa
— Ambire Wallet (@AmbireWallet) July 1, 2022
A Phishing Attack
When the users of the compromised RPC log onto their accounts, they see an error message asking them to send all funds to polygonapp[.]net. The scam transfers the users to a different page to put their seed.Â
It is still unclear what kind of damage was caused by this new attack. However, an attack vector targeting RPC endpoints is the latest addition to the long list of security vulnerabilities. This means that Web3 companies need a thorough understanding and rigorous defense strategy for their platform, or else it could be compromised in seconds.
It seems like crypto hacks are becoming more and more common. Just this past month, Harmony- a decentralized exchange, was hacked for over $100 million dollars.
With these high-profile hacks, it’s clear that the security of blockchain technology remains a concern for many. For example, the Bored Ape and Otherside NFT projects’ discord were compromised, while Ethereum-based DeFi platform Inverse Finance lost $1.2 million to an exploit.Â
