polygon Matic
+2.87%
The community Discord was hacked for about 4 hours on Saturday morning, but control of the community has now been restored. The hack reportedly resulted in the theft of approximately $145,000 worth of assets from one user.
“We have restored access to the Polygon Community Discord server and strengthened its security. We have disabled all external bots and integrations while we conduct a security review of each bot and integration to prevent something like this from happening again,” Polygon wrote on X.
Around 5am GMT, a fraudulent message was posted to the Polygon Discord, appearing to come from the account of community leader Smokey, as confirmed by a contemporaneous screenshot. The message advertised a “special pre-migration” airdrop ahead of the Polygon Network’s scheduled migration from the native MATIC token to the upgraded POL token on September 4, along with a phishing link.
At least one user claims to have fallen victim to the attack, with blockchain data backing up claims that they lost approximately $145,000 worth of Uniswap positions in the hack. The transaction occurred approximately 40 minutes after Polygon’s Chief Information Security Officer Mudit Gupta notified the Polygon community of the hack in a post on X, and was reposted from Polygon’s X account, though the exact timing of the repost is unclear.
The wallet address where the Uniswap positions were transferred, likely belonging to the hacker, appears to have been a victim in the past. Ten days ago, the wallet transferred $72,300 worth of ETH to a wallet flagged by Etherscan as a phishing victim, which now has nearly $400,000 in assets. Five days ago, the wallet transferred $29,500 worth of ETH to another wallet with $150,000 in assets, which was similarly flagged.
The Polygon team is currently unsure of the mechanism by which Discord was compromised. “As of now, we don’t believe any of our mods were compromised in this manner (phishing). It’s more likely that a bot/integration we had in place was compromised. We’re still looking at the logs,” Gupta posted to X. Gupta also said that the team plans to release a post-mortem analysis once they’ve reviewed the hack.
Polygon did not immediately respond to The Block’s request for comment.
Disclaimer: The Block is an independent media outlet providing news, research and data. As of November 2023, Foresight Ventures is the largest investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, influential and timely information on the cryptocurrency industry. Below are the current financial disclosures.
© 2024 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be legal, tax, investment, financial or other advice.