Hackers take over the Ankr gateway for the Polygon and Fantom networks

According to a tweet by Polygon's chief information security officer Mudit Gupta, Ankr, a node infrastructure provider for proof-of-stake blockchains, suffered a domain name system (DNS) hijack on the RPC endpoints for Polygon and Fantom.



Unknown attackers used Ankr's RPC public domains to launch phishing attacks during the event.


Mudit Gupta, a proven hacker, revealed that the DNS attack was used to gain control of two URLs: https://polygon-rpc.com and https://rpc.ftm.tools.


Ankr used these endpoints to provide Remote Procedure Call (RPC) access, a node service used by cryptocurrency apps and wallets to connect to the Polygon and Fantom blockchains.


The hijacking of Ankr's RPC endpoints appears to be an attempt to dupe users into revealing their wallet seed phrase.


In today's incident, by taking over the DNS of Ankr's RPC links, hackers were able to display phony messages urging users to reset their seed phrases on a phishing website they controlled.


The domain name system is a technology that all websites utilize to connect client users to website servers.


However, as demonstrated today, attackers can attempt to steal funds by exploiting flaws in the DNS protocol.


In fact, such DNS attacks in the crypto space are becoming more common.


Recently, similar DNS vulnerabilities were discovered in DeFi projects such as Convex Finance and Ribbon Finance.


According to Ankr's Twitter account, the company is "investigating several reported concerns."
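
A wallet or app that talks to a public RPC endpoint can refuse to trust replies that do not look like node output. The sketch below is an added example, not code from Ankr, Polygon or Fantom: it checks the reply to an `eth_chainId` request against the expected chain ID (137 for Polygon, 250 for Fantom) and flags links or seed-phrase wording. The function name, the keyword pattern and the sample bodies are assumptions constructed for illustration.

```javascript
// Added example (not Ankr's or Polygon's code). Chain IDs: Polygon 137, Fantom 250.
const EXPECTED_CHAIN_ID = { polygon: 137, fantom: 250 };

// Assumed heuristic: text a blockchain node has no reason to send to a wallet.
const LURE = /(seed|recovery|secret)\s+phrase|mnemonic|private\s+key|https?:\/\/|www\./i;

// Validate the raw HTTP body returned for an eth_chainId request.
// Returns { ok, reasons }; ok is true only for a well-formed reply on the expected chain.
function checkChainIdReply(network, requestId, rawBody) {
  let msg;
  try {
    msg = JSON.parse(rawBody);
  } catch {
    return { ok: false, reasons: ["body is not JSON"] };
  }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg)) {
    return { ok: false, reasons: ["body is not a JSON-RPC object"] };
  }
  const reasons = [];
  if (msg.jsonrpc !== "2.0") reasons.push("missing jsonrpc 2.0 marker");
  if (msg.id !== requestId) reasons.push("response id does not match request id");
  // Scan every string in the reply, including error.message and error.data.
  if (LURE.test(JSON.stringify(msg))) reasons.push("reply carries a link or credential lure");
  if (msg.error !== undefined) {
    reasons.push("error returned instead of a chain id");
  } else if (typeof msg.result !== "string" || !/^0x[0-9a-f]+$/i.test(msg.result)) {
    reasons.push("result is not a hex quantity");
  } else if (parseInt(msg.result, 16) !== EXPECTED_CHAIN_ID[network]) {
    reasons.push("chain id does not match the expected network");
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample bodies, not captured from the incident.
const SAMPLES = {
  honest: '{"jsonrpc":"2.0","id":1,"result":"0x89"}',
  lure: '{"jsonrpc":"2.0","id":1,"error":{"code":-32000,"message":"Reset your seed phrase at https://wallet-reset.example.invalid"}}',
  wrongChain: '{"jsonrpc":"2.0","id":1,"result":"0x1"}',
  html: "<html><body>Maintenance</body></html>",
};

for (const [name, body] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(checkChainIdReply("polygon", 1, body)));
}
```

A reply that fails the check should be dropped and never rendered to the user, since the displayed message is what carries the phishing link.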
