Web3 infrastructure company Ankr was recently targeted in an attack in which hackers hijacked Ankr’s DNS on the Polygon and Fantom networks.
A scam-like pop-up was displayed on the Polygon and Fantom networks to steal users’ seed phrases.
The news was brought to light by independent security researcher “CIA Officer”. Polygon CTO Mudit Gupta asked users to use alternative services while things were being fixed.
A few hours later, Ankr released a full statement on Twitter, assuring users that the attack had been quickly “neutralized.”
Ankr also informed users that the core services were unaffected, and that only two free-to-use public remote procedure call (RPC) interfaces for Fantom and Polygon on an external site were briefly breached.
Analysis showed that the exploit started with a trick that targeted Ankr’s centralized entity: the perpetrator reportedly deceived a third-party DNS provider into giving the hacker access to Polygon and Fantom’s domains.
Gandi, Ankr’s web service provider, was tricked by the hacker’s fake identity and agreed to change the email address for the domain registrar account.
As a result, all users who accessed the blockchains through Ankr’s endpoints would receive a phishing message that asked them to urgently reset their seed on PolygonApp.
With affected users’ seed phrases, the hackers could steal their funds. The compromise may have to do with Gandi’s domains as “a centralized point of failure.”
The project soon recovered from the human-made errors and stated that no funds were lost due to this incident.