Ankr, a provider of nodes for Proof-of-Stake (PoS) blockchains, was the victim of a hack on Friday, July 1. The RPC (“Remote Procedure Call”) gateways the company provides for access to the Polygon and Fantom networks were hijacked in order to extract funds from its customers.
Ankr users encouraged to reveal their seed phrases
This Friday, July 1, the Proof-of-Stake (PoS) blockchain node provider Ankr was the target of a hack. The hacker(s) managed to compromise the RPCs for the Polygon (MATIC) and Fantom (FTM) networks.
In practice, users who tried to access the Polygon (MATIC) and Fantom (FTM) blockchains via the RPC gateways provided by Ankr were presented with an error message encouraging them to disclose their “seed phrase” (also known as the secret phrase or recovery phrase). Once in possession of this phrase, from which a wallet's private keys are derived, the hacker(s) could access the victims’ wallets and steal their funds.
Domain name hijacking at the root of the hack
According to Chandler Song (co-founder of Ankr) and Mudit Gupta (head of IT security at Polygon), the source of the hack is believed to be Gandi, Ankr’s domain name provider (DNS), which transferred control of Ankr’s account to the hacker. It is not yet known how the hacker achieved this, but he could have had the help of an accomplice at Gandi.
It was therefore through a domain name hijacking that the hacker is believed to have redirected users to a fraudulent address. The redirection affected Ankr’s RPCs for the Polygon (MATIC) and Fantom (FTM) blockchains, so that the platform’s users were shown the error message asking for their seed phrases.
Use other RPCs to access Polygon (MATIC) and Fantom (FTM)
Simply put, RPCs allow users to connect their wallets to a blockchain. For example, when you add a new blockchain to a wallet like MetaMask, you do so via an RPC. To better understand this, we invite you to read our tutorial for connecting the Avalanche blockchain (AVAX) to MetaMask.
As Wil, blockchain expert and fundamental analysis specialist for our private group the Grille-Pain, points out:
“There are a multitude of RPCs to connect to each blockchain. Only the RPCs provided by Ankr to access the Polygon and Fantom blockchains have been compromised.”
While waiting for this matter to be cleared up, Ankr sent its users new RPCs to access Polygon (MATIC) and Fantom (FTM) via a tweet posted this afternoon.
In the early evening, the company tweeted again to announce that the RPCs for the Polygon (MATIC) and Fantom (FTM) networks had been fully restored, adding that all its services were working properly. Ankr took the opportunity to confirm that it had been the victim of a domain name service (DNS) attack.
If you prefer, it is also possible to connect securely to these two blockchains using RPCs provided by other companies, such as Chainlist.
Polygon was also keen to point out that this hack did not in any way affect the Proof-of-Stake blockchain, the second-layer solution used by the general public.
This DNS attack is not unlike the one that affected Convex and other DeFi protocols a few days ago. In any case, it is a good reminder for all cryptocurrency users. In the future, never share your seed phrase on the Internet, especially when you are asked for it.
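The same reminder can be enforced in software that talks to an RPC gateway. The following Python check is an added example, not code from Ankr, Polygon or this article: it validates the reply to the standard `eth_chainId` JSON-RPC call and flags any reply that asks for wallet secrets. The function names and sample bodies are constructed for illustration, and the chain IDs (137 for Polygon, 250 for Fantom) are the public mainnet values, which the article does not state.

```python
import json
import re

# Mainnet chain IDs (public values, an assumption not taken from the article).
EXPECTED_CHAIN_ID = {"polygon": 137, "fantom": 250}

# Wording a blockchain node has no reason to send: requests for wallet secrets.
SECRET_REQUEST = re.compile(
    r"seed\s*phrase|recovery\s*phrase|secret\s*phrase|mnemonic|private\s*key", re.I)


def _strings(value):
    """Yield every string nested anywhere inside a decoded JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (dict, list)):
        for item in (value.values() if isinstance(value, dict) else value):
            yield from _strings(item)


def check_chain_id_response(network, request_id, raw_body):
    """Return findings for an eth_chainId reply; an empty list means it looks sane."""
    try:
        reply = json.loads(raw_body)
    except ValueError:
        return ["body is not JSON (HTML or redirect page?)"]
    if not isinstance(reply, dict):
        return ["reply is not a JSON-RPC object"]
    findings = []
    if reply.get("jsonrpc") != "2.0" or reply.get("id") != request_id:
        findings.append("not a JSON-RPC 2.0 reply to our request")
    if any(SECRET_REQUEST.search(s) for s in _strings(reply)):
        findings.append("reply asks for wallet secrets")
    if "error" in reply:
        findings.append("endpoint returned an error instead of a chain ID")
    else:
        try:
            chain_id = int(reply.get("result"), 16)  # result is a hex string
        except (TypeError, ValueError):
            chain_id = None
        if chain_id != EXPECTED_CHAIN_ID[network]:
            findings.append("unexpected chain ID: %r" % reply.get("result"))
    return findings


# Constructed sample bodies (not captured from the incident).
GOOD = '{"jsonrpc":"2.0","id":1,"result":"0x89"}'
PHISH = ('{"jsonrpc":"2.0","id":1,"error":{"code":-32000,'
         '"message":"Enter your seed phrase to continue."}}')
```

A client that receives any finding should stop using the endpoint and switch to another RPC rather than display the server-supplied message to the user.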