TL;DR
DNS Attack
Mudit Gupta, Polygon’s Chief Information Security Officer, announced on Friday that Ankr, the supplier of the node infrastructure for its network, was subject to a DNS attack.
Public RPC gateway provided by Ankr for Polygon (https://t.co/NEQW6sEUKe) and Fantom (https://t.co/apZkmh2ERA) were compromised via DNS hijack earlier today.
Polygon and Fantom foundation have no control over services provided by others.
Use Alchemy or others while this is fixed.
— Mudit Gupta (@Mudit__Gupta) July 1, 2022
The attackers were able to take control of the RPC gateways (RPC is a kind of software communication tool used to send data between networks) for two platforms, Polygon and Fantom. The hackers could be attempting to ingeniously fool consumers into divulging their wallet seed phrase.
Ankr acknowledged that it was addressing the concerns identified by the community, while recommending that they use different RPCs in place of the compromised ones. Chandler Song, co-founder of Ankr, replied to Mudit Gupta on Twitter:
“Actually this is caused by @gandibar changing their customers' email addresses without their approval.”
Ankr has tweeted a statement sharing all the required details related to this issue.
1/ Full Ankr Statement 🧵
As the result of a social engineering attack on one of our Domain registrars the nameservers on 2 of our free, community-sourced RPCs, https://t.co/svX9Ba6p4o and https://t.co/N5IfGlD9ji were temporarily changed. We neutralized this attack quickly.
— Ankr (@ankr) July 1, 2022
In addition to assuring consumers that their funds were secure, Polygon co-founder Sandeep Nailwal also suggested that they use alternative RPC service providers like Infura and others.
GM,
1. Polygon POS RPC provided by @0xPolygon Infra provider @ankr were compromised by DNS hack. Currently Being resolved.
2. You can use any other RPC provider like @infura_io @AlchemyPlatform etc
3. Polygon POS chain is running perfectly fine
4. ALL USER FUNDS ARE SAFE https://t.co/8duSW4dTuN
— Sandeep | Polygon 💜🔝3️⃣ (@sandeepnailwal) July 1, 2022
Ankr stated that all services have been fully restored and are now operating as expected. This happened because a third-party company they use for DNS managed to alter some account details.
https://t.co/G0lDsBuZqr and https://t.co/OLFyE1mKBm have been fully restored. All services are running smoothly now. Due to a breach from a third-party vendor Ankr's domain hosts were changed that affected some access to our free standalone Fantom and Polygon public RPCs.
— Ankr (@ankr) July 1, 2022
Phishing Attacks on users
A message urging users to instantly move their funds to another platform with the address polygonapp[.]net was sent to users of the compromised RPC. They are then sent to a completely different website that requests their seed phrase. Malicious actors always come up with innovative strategies and tactics to deceive trusting people. Recently, six people were charged by the U.S. Department of Justice for their involvement in different crypto crimes.
Crypto Projects affected by similar attacks
On June 24, a similar DNS attack took place, and other DeFi projects were taken over. Projects including Convex Finance, Ribbon Finance, Allbridge, and DeFisaver were among those that were impacted. All of the affected projects were using Namecheap as their domain registrar.
So far 4 #ethereum DeFi projects experienced a DNS hijack attack. @ConvexFinance @ribbonfinance @DeFiSaver and Allbridge.
They are all using @Namecheap and logged into their accounts to see DNS changed. So far namecheap has provided no explanation. @Namecheap this is serious pic.twitter.com/KD9w8GJAgp
— Lefteris Karapetsas | Hiring for @rotkiapp (@LefterisJP) June 24, 2022
Crema Finance tweeted on Sunday to report that a hacking attempt had occurred on their protocol and that they had temporarily discontinued the service and started an investigation.
🚨🚨Attention! Our protocol seems to have just experienced a hacking. We temporarily suspended the program and are investigating it. Updates will be shared here ASAP.
— CremaFinance (@Crema_Finance) July 3, 2022