Hackers hijack Ankr gateway for Polygon and Fantom networks

Ankr has suffered a domain name system (DNS) hijack on the RPC endpoints for Polygon and Fantom.

Ankr is a node infrastructure provider for proof-of-stake blockchains.

The hijack was confirmed by a tweet from Polygon’s chief information security officer Mudit Gupta.

During the incident, unknown attackers hijacked Ankr’s public RPC domains to run phishing attempts.

Gupta confirmed that the hackers used the DNS hijack to take control of two links: https://polygon-rpc.com and https://rpc.ftm.tools.

Ankr relied on these links to offer Remote Procedure Call (RPC), a node service used by crypto apps and wallets to connect to the Polygon and Fantom blockchains.

The Ankr RPC hijack appears to be an attempt to trick users into providing their wallet seed phrase.

In today’s case, after hijacking the DNS records for Ankr’s RPC links, the hackers were able to serve fake messages telling users to reset their seed phrases on a phishing website the hackers controlled.
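A wallet or app can treat whatever an RPC endpoint sends back as untrusted input. The following is an added example, not code from Ankr, Polygon or the article: it flags JSON-RPC responses whose error text carries a link or a request for wallet secrets, and replaces that text before it reaches the user. It assumes the fake message arrives in the JSON-RPC error message field; the function names, patterns and sample bodies are constructed for illustration.

```python
import json
import re

# Public chain IDs of the two networks named in the article.
EXPECTED_CHAIN_ID = {"polygon": 137, "fantom": 250}
# Constructed heuristics: a node has no reason to send links or mention wallet secrets.
URL_RE = re.compile(r"(https?://|www\.)\S+", re.IGNORECASE)
LURE_RE = re.compile(r"seed\s*phrase|recovery\s*phrase|mnemonic|private\s*key", re.IGNORECASE)
GENERIC_ERROR = "The RPC endpoint returned an unexpected response."

# Constructed sample bodies, not captured from the incident.
HIJACKED = ('{"jsonrpc":"2.0","id":1,"error":{"code":-32000,"message":'
            '"Wallet out of sync. Reset your seed phrase at https://example.invalid/reset"}}')
BENIGN = '{"jsonrpc":"2.0","id":1,"error":{"code":-32601,"message":"Method not found"}}'


def inspect_rpc_response(raw, network=None):
    """Return findings for one JSON-RPC response body; an empty list means nothing flagged."""
    try:
        resp = json.loads(raw)
    except (TypeError, ValueError):
        return ["response is not valid JSON"]
    if not isinstance(resp, dict) or resp.get("jsonrpc") != "2.0":
        return ["response is not a JSON-RPC 2.0 object"]
    findings = []
    error = resp.get("error")
    if isinstance(error, dict):
        message = str(error.get("message", ""))
        if URL_RE.search(message):
            findings.append("error message contains a link")
        if LURE_RE.search(message):
            findings.append("error message mentions wallet secrets")
    # For an eth_chainId reply, compare the result with the pinned value.
    if network is not None and "result" in resp:
        try:
            chain_id = int(resp["result"], 16)
        except (TypeError, ValueError):
            findings.append("chain ID result is not a hex quantity")
        else:
            if chain_id != EXPECTED_CHAIN_ID[network]:
                findings.append("chain ID %d does not match %s" % (chain_id, network))
    return findings


def safe_error_text(raw):
    """Text a wallet UI may display: flagged endpoint wording is replaced, never rendered."""
    if inspect_rpc_response(raw):
        return GENERIC_ERROR
    error = json.loads(raw).get("error")
    return str(error.get("message", "")) if isinstance(error, dict) else ""
```

A matching chain ID does not prove the endpoint is genuine, since a hijacked server can return the right value; the check only catches misrouting, while the message filter addresses the lure described above.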

The Domain Name System (DNS) is a protocol used by all websites to help clients connect to their servers: it resolves a domain name to the address of the server behind it.