After hearing about the hack, Ankr said it was “investigating several reported difficulties.” During the incident, unknown attackers hijacked Ankr’s public RPC domains to conduct phishing attacks.
Mudit Gupta revealed that cybercriminals used a DNS vulnerability to seize control of two URLs: https://polygon-rpc.com and https://rpc.ftm.tools. Both are Remote Procedure Call (RPC) endpoints, a node service run by Ankr that provides connectivity to the Polygon and Fantom blockchains.
The hijacking of Ankr’s RPC domains appears to be an effort to deceive users into revealing their wallet seed phrases. After abusing the DNS of Ankr’s RPC connections, the hackers were able to display fraudulent messages on a phishing website they operated, instructing users to change their seed phrases.
The Domain Name System (DNS) is the protocol that translates a website’s domain name into the address of the server a client connects to, so whoever controls a domain’s DNS records controls where its users are sent. As demonstrated today, attackers may use flaws in DNS to try to steal funds.
Such DNS attacks are becoming more common in the crypto sector. Other DeFi projects, including Convex Finance and Ribbon Finance, were recently compromised due to DNS flaws.
Ankr’s Twitter account has said that the company is “looking into several reported difficulties.”