So, the main actors of the event: Polygon and Fantom — blockchain networks, Ankr — Web3 infrastructure and cross-chain staking DeFi platform. Ankr is a provider of public RPC gateways for Polygon and Fantom. These gateways provide the connection of crypto wallets and web browsers with Ethereum validator nodes.
On the first of July, Polygon and Fantom were subjected to a DNS attack. This type of attack is used by hackers to trick users by redirecting them to a scam website instead of the company’s official website. In this case, fake websites were created to steal keys from users’ digital wallets.
Mudit Gupta, CISO Polygon, tweeted about the attack.
Public RPC gateway provided by Ankr for Polygon (https://t.co/NEQW6sEUKe) and Fantom (https://t.co/apZkmh2ERA) were comprised via DNS hijack earlier today.
— Mudit Gupta (@Mudit__Gupta) July 1, 2022
Polygon and Fantom foundation have no control over services provided by others.
Use Alchemy or others while this is fixed.
The developers quickly dealt with the problem, and a secure access to Polygon and Fantom was restored in the evening of the same day. A post with this news appeared on Ankr Twitter.
https://t.co/G0lDsBuZqr and https://t.co/OLFyE1mKBm have been fully restored. All services are running smoothly now. Due to a breach from a third-party vendor Ankr's domain hosts were changed that affected some access to our free standalone Fantom and Polygon public RPCs.
— Ankr (@ankr) July 1, 2022
Ankr co-founder Chandler Song commented on the situation in an interview with The Defiant. According to him, the attack occurred due to the vulnerability of DNS provider of Ankr — Gandi.
“The attacker basically social-engineered the customer service [at Gandi] and pretended to be an Ankr employee.” — Chandler Song, Ankr co-founder.
As for user funds, the co-founder of Polygon Sandeep reassured that “ALL USER FUNDS ARE SAFE.”
Mudit Gupta, in turn, added that Ankr and Polygon are working “to ensure this does not happen again.”
Recently, a similar attack occurred on OpenSea.
Fortunately, no one was damaged by this attack. But, the vulnerability of the human factor, which has revealed itself in this situation, is worrying. We hope that no one will suffer from such attacks in the future, and we continue to observe.
