A blockchain infrastructure supplier named Ankr said on Friday that parts of the services it provided to Polygon and Fantom were under attack from hackers.
Ankr posted on Twitter that they are investigating their Polygon and Fantom Foundation Remote Procedure Calls (RPC). They also provided RPCs for short-term replacement. To transfer data between networks, software communication tools called RPCs are utilised.
Attack on Polygon
The chief information security officer at 0xPolygon, Mudit Gupta, revealed on Twitter that a DNS hijack has compromised Ankr's RPC gateway for Polygon and Fantom. He further emphasised that his business has no control over the services rendered by third parties.
Fantom has additionally cautioned its users not to use the compromised RPC.
Gupta acknowledged using Ankr and suggested utilising Alchemy RPCs until the issue was resolved. Additionally, he emphasised that Polygon is creating its own RPC to improve reliability.
It was shown that the wallets of Ambire Wallet do not support the Polygon and Fantom networks. QuickSwap DEX has also advised users not to use the compromised networks until further information is available.
Phishing Assault
An error message urging users to transfer their payments to polygonapp[.]net is displayed to users of the hacked RPC. The fraud redirects customers to a another page where they can enter their seed.
It's unknown how much harm the attack caused. A new attack vector that targets RPC endpoints has recently been added to a long list of security issues that Web3 organisations must address.
Additionally, the attack comes in the wake of many large cryptocurrency attacks that happened in July. Harmony, a decentralised exchange, was the biggest victim last month when $100 million in platform funds were stolen.
Bored Ape and Otherside NFT projects' Discords were hijacked, while an exploit cost the Ethereum-based DeFi platform Inverse Finance $1.2 million.