- Polygon’s Discord was hacked for four hours, leading to the theft of $145,000 through a phishing link in a fake airdrop post.
- The hacker’s wallet linked to the Polygon breach had previously transferred over $100,000 to wallets flagged for phishing activities.
- Polygon disabled all bots and integrations after the attack, with plans to release a detailed report following a thorough security review.
Polygon, the blockchain platform behind MATIC, regained access to its Discord server after it was hijacked early Saturday morning, resulting in a $145,000 theft from a user. The incident disrupted the community for nearly four hours. While the server was compromised, it was used to post fraudulent messages and phishing links that targeted users with a fake airdrop.
Discord Compromise Prompts Security Lockdown
At around 5 AM GMT, a malicious post surfaced on the Polygon Discord, appearing to come from the community lead, Smokey. The message advertised a fake “special pre-migration” airdrop, leveraging the upcoming migration from MATIC to the new POL token on September 4.
The post contained a phishing link that prompted users to interact, leading to at least one significant loss. Polygon’s Chief Information Security Officer, Mudit Gupta, immediately notified the community of the hack via X, previously known as Twitter. A few minutes after Gupta’s warning, a user reported losing a Uniswap position worth $145,000.
Hacker Linked to Previous Phishing Attacks
Blockchain data linked the hacker’s wallet to other incidents. Ten days prior, the same wallet transferred $72,300 worth of ether to a wallet flagged as a phishing perpetrator by Etherscan. This wallet, now holding nearly $400,000, had a history of suspicious activity.
Additionally, five days ago, the same hacker moved $29,500 worth of ether to another flagged wallet, bringing attention to a potential pattern of fraud. Notably, both wallets have accumulated significant amounts, raising concerns about the hacker’s broader involvement in cyber thefts.
Polygon Reviews Breach for Possible Bot Compromise
Polygon’s security team is still investigating how the attack occurred. Early findings suggest that a bot or integration within the Discord server may have been compromised. Gupta confirmed that no moderators appeared to be victims of phishing attempts, further pointing to the possibility of external vulnerabilities.
To prevent future breaches, the Polygon team disabled all external bots and integrations, pending a thorough review. Additionally, Gupta mentioned that Polygon plans to release a detailed report following a complete analysis of the incident.