Polygon faced a severe security breach when its official Discord server was hacked on Saturday, August 24. The hackers gained control of the server for about three hours. They used the time to post malicious links in various channels, particularly targeting the support channel. The incident led to financial losses for some users, and unaffected users now raise serious concerns about the platform's security measures.
What is Polygon Network’s Reaction to This Attack?
The breach was first identified early in the morning when users reported suspicious links and unusual activity on the server. These links came from official channels but were phishing attempts to get users to give away their cryptocurrency. A user reported losing $150,000 worth of Ethereum after interacting with one of these links.
Mudit Gupta, Polygon’s Chief Information Security Officer, confirmed the hack on social media and warned users “not to click on any link until the situation was under control.”
According to Gupta, “the team worked diligently to regain control of the Discord server, and were able to do so within three hours of the initial breach.”
Their first priority was to disable all external bots and integration to ensure these hackers didn't exploit them further. Gupta said that “the attack possibly came from a compromised bot or integration,” despite the fact that all privileged accounts on the server were protected by two-factor authentication.
This attack is part of a troubling trend of hackers targeting crypto platforms.
Discord servers, in particular, have become a favored attack vector due to their constant use in the crypto community. Discord is an online messaging app, like Telegram, that has become popular in the crypto community. Users regularly use the messaging platform to pass information and updates on crypto projects. Hackers are targeting discord servers due to this constant use.
This breach is significant for Polygon, as it raises questions about how effective its security protocols are. Polygon's response to the hack has been proactive.
The team has conducted a thorough review of the server's security. While some functionalities have been temporarily limited, the platform is working to ensure that such an incident does not happen in the future. Gupta emphasized that all changes made by the hackers have been reverted, and additional security measures are being implemented to bolster the server's defenses.
Final Notes
Polygon's hacking isn't the first threat the crypto community has faced. Many crypto platforms have been targeted in the past. In 2023, CertiK, a security auditing firm, reported that hackers stole over $6 million from an attack on their Discord server. The attackers added a fake Discord link to CertiK's website. The link was to a fake Discord server that drained money from users' wallets when they clicked on it.