Hackers hijack Ankr gateway for Polygon and Fantom networks

Quick Take

  • Ankr has suffered a DNS hijack affecting RPC endpoints for Fantom and Polygon.
  • The hack is tricking people into revealing their wallet seed phrases which can be used to drain their funds.

Ankr, a node infrastructure provider for proof-of-stake blockchains, suffered a domain name system (DNS) hijack on the RPC endpoints for Polygon and Fantom, according to a tweet by Polygon's chief information security officer Mudit Gupta. 

Gupta confirmed hackers executed a DNS exploit to take control over two links: https://polygon-rpc.com and https://rpc.ftm.tools. Ankr relied on these links to offer Remote Procedure Call (RPC), a node service used by crypto apps and wallets to connect to Polygon and Fantom blockchains.

The Ankr's RPC hijack appears to be an attempt to trick users into providing their wallet seed phrase. In today’s case, after exploiting DNS of Ankr’s RPC links, hackers were able to run fake messages telling users to reset their seed phrases on a phishing website they controlled.

Domain names system is a protocol used by all websites to help client users connect to website servers. But attackers can exploit vulnerabilities in the DNS protocol to attempt to steal funds, as seen today.

In fact, such DNS attacks within the crypto space are on the rise. Just recently, DeFi projects like Convex Finance and Ribbon Finance, suffered from similar DNS vulnerabilities.

Ankr's twitter account posted that it's "investigating some reported issues." 

This is a breaking story and will be updated.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.