
Two Polygon And Fantom Frontends Hit By DNS Attack Via Ankr’s Services


www.cryptovibes.com 04 July 2022 05:11, UTC
  

The domain name system (DNS) of web3 infrastructure firm Ankr was allegedly hijacked by hackers to steal users’ seed phrases. However, the firm said no users’ funds were compromised, although it cannot confirm whether any user was a victim of the cyber attack.

Ankr Says Services Have Returned To Normal

The attack came via a hacker who forged a scam-like pop-up on the Fantom and Polygon networks. The Ankr team has since recovered from the infrastructure failure and informed users that their funds are safe.

The attack was first exposed by the independent security research firm “CIA Officer”. The Chief Executive Officer of Polygon, Mudit Gupta, immediately took to Twitter to warn users about the attack. He urged users to use alternative services while the company was still trying to resolve the situation. Gupta also mentioned the main target and leading player of the infrastructure failure.

Two RPC Polygon And Fantom Interfaces Were Affected

However, hours after the hacking incident, Ankr released a statement on Twitter, assuring users that the incident had been neutralized and all users were safe. The company also assured users that none of its main services were affected by the incident. However, it noted that two free-to-use public remote procedure call (RPC) interfaces for Polygon and Fantom on a linked site were temporarily compromised.

The exploit started with a hoax that targeted Ankr’s centralized entity. The hacker allegedly deceived a third-party DNS provider and gained access to Fantom and Polygon’s domains. Gandi, Ankr’s web service provider, was deceived by the hacker’s fake identity and agreed to change the email address of the domain registrar account.

As a result, users who accessed the blockchains via Ankr’s endpoints received a phishing prompt that requested an urgent seed reset for their Polygon App. This gave the hackers access to the affected users’ funds through their seed phrases.

