DNS Hijack Compromised Ankr’s Services for Polygon and Fantom

Web3 infrastructure firm Ankr is known for offering node endpoints, staking services, and other products to proof-of-stake blockchains. On Friday, an attacker hijacked the domain name system (DNS) records of Ankr's public endpoints for the Polygon and Fantom networks and served users a scam pop-up designed to steal their seed phrases. The project soon recovered from the incident, which it attributed to human error at a third party, and stated that no funds were lost.

Attack Targeting Gateways to Polygon and Fantom

Soon after independent security researcher “CIA Officer” first exposed the attack, Polygon CTO Mudit Gupta took to Twitter, urging users to switch to alternative services while things were being fixed. He also named the third party whose failure led to the incident:

Only hours after the attackers compromised the gateways to Fantom and Polygon, Ankr released a full statement on Twitter assuring users that the attack had been quickly “neutralized.” According to the firm, all core services were unaffected; only two free-to-use public remote procedure call (RPC) endpoints for Fantom and Polygon, hosted on an external domain, were briefly compromised.

The exploit began with social engineering aimed at a centralized dependency of Ankr's service: the perpetrator reportedly deceived the third-party DNS provider into handing over control of the Polygon and Fantom endpoint domains. Gandi, Ankr's domain registrar, was reportedly tricked by the attacker's fake identity into changing the email address on the registrar account, which gave the attacker control of the domains' DNS records.

As a result, users who accessed the blockchains through Ankr's endpoints were served a phishing page urging them to reset their seed phrase on PolygonApp. With the affected users' seed phrases in hand, the attackers could steal their funds.
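The attack chain above (registrar account takeover, DNS change, phishing page served where a JSON-RPC endpoint used to answer) is exactly what a canary monitor for a public RPC endpoint should catch. The following is an added example, not Ankr's or Gandi's code: it compares the domain's observed nameservers against an allowlist and probes the endpoint with the standard `eth_chainId` JSON-RPC call, flagging a reply that is not JSON-RPC at all (an HTML phishing page) or that reports the wrong chain. The chain IDs are the public mainnet values for Polygon (137) and Fantom Opera (250); the nameserver names, the `assess_endpoint` helper, and the sample reply bodies are constructed for illustration.

```python
import json

# Added example, not Ankr's code. Chain IDs are the public mainnet values for
# Polygon (137) and Fantom Opera (250); nameserver names and response bodies
# below are constructed for illustration.
EXPECTED_CHAIN_IDS = {"polygon": 137, "fantom": 250}

# Constructed allowlist: the nameservers the endpoint domain should delegate to.
EXPECTED_NS = ["ns1.example-dns.net", "ns2.example-dns.net"]


def chain_id_request(request_id=1):
    """Body of the JSON-RPC probe to POST to the endpoint (standard eth_chainId)."""
    return json.dumps({"jsonrpc": "2.0", "method": "eth_chainId",
                       "params": [], "id": request_id})


def unexpected_nameservers(observed, expected):
    """Return observed NS names that are not in the allowlist, normalised.
    A registrar-account takeover usually shows up first as a delegation or
    record change, so any server outside the allowlist is a strong signal."""
    def norm(names):
        return {n.lower().rstrip(".") for n in names}
    return sorted(norm(observed) - norm(expected))


def classify_rpc_reply(body, network):
    """Classify what came back from an eth_chainId probe.
    'ok'          -> valid JSON-RPC reply with the expected chain ID
    'wrong_chain' -> valid reply, but for a different chain
    'rpc_error'   -> JSON-RPC error object
    'not_rpc'     -> not a JSON-RPC reply at all (e.g. an HTML phishing page)"""
    try:
        reply = json.loads(body)
        if "error" in reply:
            return "rpc_error"
        chain_id = int(reply["result"], 16)
    except (ValueError, KeyError, TypeError):
        # JSONDecodeError is a ValueError; HTML, plain text, lists and
        # non-hex results all land here.
        return "not_rpc"
    return "ok" if chain_id == EXPECTED_CHAIN_IDS[network] else "wrong_chain"


def assess_endpoint(network, observed_ns, reply_body, expected_ns=EXPECTED_NS):
    """Combine both signals into a list of findings; an empty list means healthy."""
    findings = []
    rogue = unexpected_nameservers(observed_ns, expected_ns)
    if rogue:
        findings.append("unexpected nameservers: " + ", ".join(rogue))
    status = classify_rpc_reply(reply_body, network)
    if status != "ok":
        findings.append("rpc probe: " + status)
    return findings


# Constructed samples: a healthy Polygon endpoint, and a hijacked one that now
# delegates to an attacker-controlled nameserver and serves a phishing page.
HEALTHY_REPLY = '{"jsonrpc":"2.0","id":1,"result":"0x89"}'
PHISHING_REPLY = '<html><body>Urgent: reset your seed phrase to continue</body></html>'


if __name__ == "__main__":
    print(assess_endpoint("polygon", EXPECTED_NS, HEALTHY_REPLY))  # []
    print(assess_endpoint("polygon", ["ns1.attacker.example"], PHISHING_REPLY))
```

In a real deployment the observed nameservers come from a DNS lookup (ideally from several independent resolvers, since a hijacker may poison only some paths) and the reply body from a POST of `chain_id_request()` to the endpoint. The record comparison is the more reliable of the two signals: an attacker who proxies the genuine RPC backend and only swaps the web front-end would still pass the chain-ID probe.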

Though the full explanation of the exploit remains unknown, as Ankr is still trying to understand what Gandi accepted as proof of identity for the change, the firm acknowledged that the compromise exposed its domains as “a centralized point of failure.”

Security Breach

It is no longer uncommon for a third party's error to lead to a crypto platform being compromised. Only days earlier, the largest NFT marketplace, OpenSea, reported a data breach, citing an employee of Customer.io, a third-party email platform used by the company, as responsible.

Because the leaked customer data led to suspicious emails, phone calls, and messages from scammers, OpenSea warned its customers to remain vigilant and sent out emails describing anti-phishing practices.
