Blockchain infrastructure company Ankr said on Friday that some of its services to two altcoin projects have been hacked.
Polygon and a major altcoin under attack
Ankr announced on their Twitter account that they are investigating Polygon and Phantom Foundation Remote Procedure Calls (RPC). They also provided alternative RPCs for now. RPCs are a software communication program used to exchange information between different networks.
We are investigating some reported issues on our community @0xPolygon and @FantomFDN RPCs.
‼️For the time being, please use https://t.co/LcnNn1OIWH and https://t.co/LrPIztRL1y
— Ankr (@ankr) July 1, 2022
Polygon and Phantom are under attack
0xPolygon’s chief of information security Mudit Gupta announced on Twitter that Ankr’s RPC gateway for Polygon (polygon-rpc.com) and Fantom (rpc.ftm.tools) has been compromised by a DNS compromise. He also stated that his company has no control over the services provided by others. Fantom has also asked its users not to use the compromised RPC.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
More 🧵
— Harmony 💙 (@harmonyprotocol) June 23, 2022
Security chief Mudit Gupta revealed that he is working with Ankr. She also suggested using Alchemy RPCs until the issue is resolved she. Additionally, he emphasizes that Polygon is working on its own RPC to provide greater reliability.
Meanwhile, Ambire Wallet has announced that the Polygon and Fantom networks are unavailable for their wallets. QuickSwap DEX also asked users not to use compromised networks for a while.
Phishing attack
Users of the compromised RPC saw an error message asking users to transfer their money to polygonapp[.]net. The scam is transferring users’ seed words to a different page to get hold of them. The damage done by the attack is still unclear. However, a new attack vector targeting RPC endpoints has been added to a long list of vulnerabilities that Web3 companies have to contend with.
https://twitter.com/officer_cia/status/154829400143568897
The attack also came after several major crypto hacks in July. DEX platform Harmony was the top target last month, with $100 million stolen from the platform.
On Tuesday, June 29, Harmony appointed Blockchain analytics firm Chainalysis to track down the culprits behind the attack. Earlier, Harmony Protocol offered a $1 million bounty reward for the hacker to return $100 million. He also assured that no criminal action would be taken.
This week, an altcoin fell victim to a $1.2 million hack
cryptocoin.com The Bored Ape and Otherside NFT projects, which you follow, saw their Discord compromised, while Ethereum-based DeFi platform Inverse Finance lost $1.2 million due to a hack. Inverse Finance said it temporarily paused borrowing after an exploit was discovered.
The platform said on its Twitter account that the DOLA stablecoin has been removed from the money market Frontier. He added that no user funds were received or at risk and that he was investigating the incident. But reports from other Twitter users citing data on the blockchain indicate that at least $1.2 million was stolen from the platform. It is not yet clear whether the funds are from user wallets.
