Ankr, a blockchain infrastructure provider, announced that hackers were targeting its Remote Procedure Calls (RPC) services which it offers to Polygon and Fantom.
The chief information security officer at 0xPolygon, Mudit Gupta, revealed on Twitter that a DNS hijack has compromised Ankr’s RPC gateway for Polygon (polygon-rpc.com) and Fantom (rpc.ftm.tools). He further emphasized that his business has no control over the services rendered by third parties.
Additionally, Fantom has urged its users not to make use of the hacked RPC. Gupta acknowledged working with Ankr and advised using Alchemy RPCs up until the problem is fixed. He also emphasized that Polygon is developing its own RPC in order to increase reliability.
The Polygon and Fantom networks are not available on Ambire wallets, it was disclosed. Users have also been urged by QuickSwap DEX to avoid using the compromised networks until additional details are available.
About the Attack on polygon and Fantom
An error message urging users to transfer their payments to polygonapp[.]net is displayed to users of the hacked RPC. The fraud redirects customers to a another page where they can enter their seed.
It’s unknown how much harm the attack caused. However, a long list of security flaws that Web3 companies must fix has recently been expanded to include a new attack vector that targets RPC endpoints.
The attack also follows a number of significant cryptocurrency attacks that occurred in July. The greatest target last month was Harmony, a decentralized exchange, when $100 million in platform funds were taken.
Bored Ape and Otherside NFT projects’ Discords were hijacked, while an exploit cost the Ethereum-based DeFi platform Inverse Finance $1.2 million.