RPC gateways to Polygon (MATIC) and Fantom (FTM) compromised?

Proof-of-Stake (PoS) blockchain node provider Ankr fell victim to a hack this Friday, July 1. The RPC (Remote Procedure Call) gateways the company provides for accessing the Polygon and Fantom networks were hijacked in an attempt to extract funds from its customers. Let’s take stock of this hack.

Ankr users encouraged to reveal their “seed phrases”

This Friday, July 1, Ankr, a Proof-of-Stake (PoS) blockchain node provider, was the target of a hack. The hacker(s) managed to compromise the RPCs for the Polygon (MATIC) and Fantom (FTM) networks.

In practice, users who attempted to access the Polygon (MATIC) and Fantom (FTM) blockchains through the RPC gateways provided by Ankr came across an error message encouraging them to reveal their “seed phrase” (also called passphrase or recovery phrase). Once in possession of this simplified version of the private keys of the victims who fell into the trap, the hacker(s) could access their wallets in order to steal their funds.

A domain name hijacking at the origin of the hack

According to Chandler Song (co-founder of Ankr) and Mudit Gupta (head of IT security at Polygon), the hack reportedly originated at Gandi, Ankr’s domain name (DNS) provider, which allegedly transferred control of the Ankr account to the hacker. It is not yet known how the hacker did it, but they could have had help from an accomplice at Gandi.

It is therefore through a domain name hijacking that the attacker reportedly managed to redirect users to a fraudulent address. This affected Ankr’s RPCs for the Polygon (MATIC) and Fantom (FTM) blockchains, so that users of the platform came across the error message asking them for their seed phrases.

Use other RPCs to access Polygon (MATIC) and Fantom (FTM)

Put simply, RPCs allow users to connect their wallets to a blockchain. For example, when you add a new blockchain to a wallet like MetaMask, you do so via an RPC. To better understand, we invite you to read our tutorial on linking the Avalanche blockchain (AVAX) to MetaMask.

As Wil, blockchain expert and fundamental analysis specialist for our private group Le Grille-Pain, points out:

“There are a multitude of RPCs to connect to each blockchain. Only the RPCs provided by Ankr to access the Polygon and Fantom blockchains were compromised.”

While waiting for this case to be clarified, Ankr has given its users new RPCs to access Polygon (MATIC) and Fantom (FTM) in a tweet posted this afternoon.

In the early evening, the company tweeted again to say that the RPCs of the Polygon (MATIC) and Fantom (FTM) networks had been fully restored, adding that all its services were working fine. Ankr took the opportunity to confirm that it had been the victim of a domain name service (DNS) attack.

If you prefer, it is also possible to securely connect to these two blockchains using RPCs provided by other companies, like Chainlist for example.
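A wallet or monitoring script can sanity-check an RPC endpoint's replies before trusting it. The following is an added example, not code from Ankr, Polygon or the original article: it checks an `eth_chainId` reply for the expected chain ID and for text asking for a seed phrase. The function names, finding labels, pattern list and sample replies are assumptions constructed for illustration, as is the idea that the lure arrives inside the JSON-RPC error field.

```python
import json
import re

# eth_chainId values: Polygon PoS = 137 (0x89), Fantom Opera = 250 (0xfa).
EXPECTED_CHAIN_ID = {"polygon": 137, "fantom": 250}

# Wording no node needs to send to a wallet (pattern list is an assumption of this sketch).
LURE = re.compile(r"seed\s*phrase|recovery\s*phrase|pass\s*phrase|mnemonic|private\s*key", re.I)


def _strings(value):
    """Yield every string nested anywhere inside a decoded JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from _strings(v)


def check_chain_id_reply(raw, network, request_id):
    """Return findings for one eth_chainId reply; an empty list means it looks sane."""
    try:
        reply = json.loads(raw)
    except ValueError:
        return ["not-json"]
    if not isinstance(reply, dict):
        return ["not-json-rpc"]
    findings = []
    if reply.get("jsonrpc") != "2.0" or reply.get("id") != request_id:
        findings.append("bad-envelope")
    if any(LURE.search(text) for text in _strings(reply)):
        findings.append("secret-lure")
    result = reply.get("result")
    try:
        chain_id = int(result, 16) if isinstance(result, str) else None
    except ValueError:
        chain_id = None
    if chain_id != EXPECTED_CHAIN_ID[network]:
        findings.append("chain-id-mismatch")
    return findings


# Constructed sample replies (not captured from the incident).
GOOD = '{"jsonrpc":"2.0","id":1,"result":"0x89"}'
LURE_REPLY = ('{"jsonrpc":"2.0","id":1,"error":{"code":-32000,"message":'
              '"Connection error: enter your seed phrase to resync your wallet"}}')
```

A non-empty result is a reason to stop using the endpoint and switch to another RPC; it is not a complete defence against a hijacked domain.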

The Polygon company also wanted to point out that this hack did not in any way affect the Proof-of-Stake blockchain, the second layer solution used by the general public.

This DNS attack is reminiscent of the one that hit Convex and other DeFi protocols a few days ago. In any case, it is a good reminder for all cryptocurrency users. In the future, never share your seed phrase on the internet, especially if asked.
