Blockchain networks Polygon and Fantom suffered a DNS attack Friday that directed users to malicious websites created to steal the keys to their digital wallets.
Safe access to the crypto platforms’ websites was restored shortly before noon Friday, according to the co-founder of Ankr, an infrastructure firm. Ankr provides Polygon and Fantom with public RPC gateways, computer programs that allow crypto wallets and web browsers to communicate with Ethereum validator nodes.
The attack began with a breach at Ankr’s DNS provider, Gandi, according to Ankr co-founder Chandler Song.
“The attacker basically social-engineered the customer service [at Gandi] and pretended to be an Ankr employee,” Song explained in an interview with The Defiant, and “had the entire corporate email address changed on Gandi.”
Ankr Nodes Affected
The attack affected a pair of nodes that Ankr offers the Polygon and Fantom communities at no cost, “simply out of goodwill to the developer community and the users,” Song said. The attacker was then able to send users an error message directing them to a website where they were instructed to connect their crypto wallets.
“It’s obviously a phishing scam,” Song said. “Hopefully not a single person clicked on those websites, but so far I’ve not heard of anyone clicking on those websites.”
Polygon co-founder Sandeep Nailwal took to Twitter to assure users the Polygon blockchain was running without issues, and to direct them to alternative RPC providers, such as Infura and Alchemy.
Gandi Security Practices
Song slammed Gandi’s security practices, saying it was too easy for the attacker to successfully impersonate an Ankr employee. He added that Ankr had already ditched Gandi as it DNS provider for its free Polygon and Fantom RPC service.
It wasn’t the only change discussed in light of Friday’s incident.
Polygon is looking into longer-term solutions that would prevent a repeat of Friday’s breach, according to chief information security officer Mudit Gupta.
“We are also working on a more decentralized alternative as a research project and a foundation owned RPC node for more reliability,” he tweeted.