Share this article
The hack produced a popup window that encouraged Polygon and Fantom users to enter their wallet seed phrase.
Hackers Compromise Gateways to Polygon, Fantom
Two Ankr RPC gateways for accessing Polygon and Fantom have been compromised.
We are investigating some reported issues on our community @0xPolygon and @FantomFDN RPCs.
‼️For the time being, please use https://t.co/LcnNn1OIWH and https://t.co/LrPIztRL1y
— Ankr (@ankr) July 1, 2022
Hackers exploited a vulnerability to attack the node infrastructure firm’s gateways to Polygon and Fantom Friday. Users who had accessed the Layer 1 networks via Ankr’s endpoints were presented with a popup window that tried to trick them into entering their wallet seed phrase. “Funds are at risk,” the malicious note read, accompanied by a link to a website prompting users to enter their seed phrase. By gathering seed phrases, the hackers could gain access to their targets’ wallets to steal their funds.
Ankr provides access to Proof-of-Stake blockchains by offering node endpoints, staking services, and other products. It’s considered a crucial pillar of Web3 infrastructure alongside other similar projects like Alchemy and Infura. However, like most other node operators, it’s a centralized entity owned by a company rather than a DAO.
The pseudonymous security researcher CIA Officer alerted users to the hack on Twitter Friday, before Polygon’s chief information security officer Mudit Gupta put out a message urging users to use Alchemy or an alternative node provider until the bug is fixed. Gupta then added that Polygon would “work closely with Ankr to ensure this does not happen again” and teased plans of a decentralized RPC gateway project. Ankr also confirmed the attack on Twitter, saying it was “investigating some reported issues.”
The full scale of the exploit is currently unknown, and Ankr is yet to post a full report. In the meantime, the team has directed Polygon and Fantom users to two alternative RPC endpoints.
Update: Ankr has confirmed that the affected RPC gateways have been “fully restored.”
Disclosure: At the time of writing, the author of this piece owned ETH, MATIC, FTM, and several other cryptocurrencies.
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
