The discord channel of the Ethereum sidechain Polygon got hacked today, with the attacker posting phishing links to deceive users. Polygon chief security officer Medhi Gupta alerted users to the hack and warned them not to click on any links until further notice.
The compromise, which comes a few weeks from Polygon’s significant token migration of MATIC to POL, has raised concerns about the safety of Polygon channels. However, Gupta claimed that all accounts with admin access to the channel had two-factor authentication, making the source of the leak uncertain.
Polygon recovers Discord channel after two hours
According to users who noticed the breach, the attackers posed as genuine support agents on the Polygon Discord support channel and misled users seeking help. They also posted fake links on the announcement channels, mostly about the upcoming token migration.
However, according to an official X post, Polygon team has regained control of the channel and removed all the malicious links misleading users. It also disabled all external bots and integration for now as it investigate the incident. Mudit Gupta quoted the post and confirmed it on X.
The server is secured again. We’ll share a post mortem once we’re done with reviewing everything.https://t.co/NBTvEWYygs
— Mudit Gupta (@Mudit__Gupta) August 24, 2024
The incident further highlights how vulnerable Discord channels are to cyberattacks. The social messaging app is one of the most used in the crypto community and, unfortunately, almost among the most targeted by hackers looking to gain access to users and valuable information.
Over the past two years, several Discord channels of high-profile crypto projects have been hacked. These include Arbitrum, StarkNet, Bored Apes Yacht Game, and others. With Polygon planning a token migration that will expand its utility, it has become a prime target for hackers who can easily deceive users using fake announcements about the attack.
User loses almost $150,000 to scammers
Despite the channel’s recovery and earlier alerts to users, at least one user has revealed they were affected. A user with the handle “@ValidatorK” created an X post and reported that he lost 120,000 MATIC and 30 ETH worth $143,492 from his liquidity pool after clicking on one of the malicious links posted on the channel, thinking it was an official announcement from Polygon.
He said:
“How can I be compensated for the damage caused by not officially notifying me of the hacking? I lost about 120,000 Matic and 30 ETH in a pair of Ethereum pools. It’s so painful and terrible.”
He is now asking the Polygon team for compensation, noting that this was due to their failure to notify users quickly about the hack. The victim even shared a screenshot of his pool as proof. Ironically, most of the responses to the victim posts are from scammers who offer to help further fleece the person.
Meanwhile, the incident did not affect the Polygon native token MATIC. It is up 3% in the last 24 hours, continuing a surge in value that has seen it gain 34% in the last seven days. The token is currently trading at $0.5424 as of press time, according to CoinMarketCap data.
Source: https://www.cryptopolitan.com/polygon-discord-hacked/