A new attack operated in the cryptocurrency ecosystem. The hacker first started by deceiving the vigilance of Ankr’s DNS provider, in particular its customer service, and accessed the domain registry to then attack Fantom and Polygon.
A phishing attack on Fantom and Polygon
On Friday morning, a hacker created a pop-up of phishing which he published, aimed at users of Fantom and Polygon. The alert was given by a Twitter account called CIA : « Attention, please, an attack on @0xPolygon is underway right now! Users are seeing an RPC error asking them to urgently reset their seed on polygonapp net (it seems to be a DNS hijacking or some form of supply chain attack). It is simply a scam pop-up to take you to a page to enter your seed. »
To succeed, the scammer first tried to deceive Ankr’s DNS provider. (the third-party domain name system), which allowed him to have access to the RPC (Remote Procedure Call, i.e. the remote procedure call interfaces) of the two Polygon and Fantom networks.
Specifically, the hacker posed as an employee of Gandi, a web service that hosts Ankr’s DNS. By sending a fake ID to Gandi’s customer service, he asked to change the email address of the administrator of an Ankr domain, replacing it with another email address that he provided to them.
DNS, a centralized point of failure in the Internet
The question that we all ask ourselves is the one that Peter Stewart, head of integration at Ankr, also asked himself, namely what Gandi “accepted as proof of this change”.
For Ryan Fang, co-founder of Ankr, this crisis puts the weaknesses of the DNS back on the agenda: ” The DNS is unfortunately still a centralized point of failure in the Internet ».
At the moment, fortunately, no user funds have been stolen by the scammers, although we still have to wait some time before we can confirm that all users have been spared.
Mudit Gupta, head of IT security at Polygon explains that “he this was a third-party outage that does not affect Polygon in any way. Meta also does not use this third party ». Ankr was able to take control of the DNS again about six hours after the attack.
What about the future of the collaboration between Ankr and Gandi? For the moment, everything should continue as before, reassures Fang, who wants to ask his suppliers to always use two-factor authentication from now on.
This attack takes place just a few days after Polygon made an important announcement, that of a partnership with Meta, in order to make available on Facebook, the NFTs minted on Polygon. At a time when the sale of these NFTs is already reaching their lowest sales level of the year, we really have to hope that this attempt by the scammers has not yet cooled the zeal of the last buyers of NFTs who may fear other cases of phishing.
Receive a digest of the news in the world of cryptocurrencies by subscribing to our new daily and weekly newsletter service so you don’t miss anything essential Cointribune!
Behind the generic signature “Editorial CT” are young journalists and authors with special profiles who wish to remain anonymous because they are involved in the ecosystem with certain obligations.
