- Polygon’s Discord server was compromised, leading to a $145,000 theft via a phishing scheme disguised as an airdrop.
- Polygon disabled all bots and integrations on its Discord server to prevent further breaches during a thorough security review.
- The hack highlights ongoing phishing risks as Polygon prepares for its MATIC to POL token migration on September 4.
Polygon has regained access to its community Discord server after a four-hour security breach that resulted in the theft of approximately $145,000 from one user. The breach, which occurred early Saturday morning, involved a phishing scheme disguised as an airdrop ahead of Polygon’s migration from MATIC to POL. The Polygon team has since secured the server and disabled all external bots and integrations to conduct a thorough security review.
Read CRYPTONEWSLAND on
google news
Security Breach Leads to Phishing Attack
The hack took place on saturday, with a fraudulent message being posted on the Discord server, allegedly from the account of Polygon’s community lead, Smokey. The message falsely promoted a “special pre-migration” airdrop and included a phishing link designed to steal user assets.
Blockchain data shows that one user lost a Uniswap position valued at around $145,000 in the attack. The phishing transaction occurred roughly few minutes after Polygon’s chief information security officer, Mudit Gupta, posted a warning about the breach on X. However, the hacker had already targeted their victim by then.
The wallet address used in the attack has been linked to previous phishing incidents. Ten days prior, it transferred over $72,000 worth of ether to another wallet flagged by Etherscan as a phishing perpetrator. Five days ago, the same wallet moved an additional $29,500 worth of ether to another flagged wallet, which now holds $150,000 in assets. These transfers highlight the ongoing risks posed by such phishing schemes.
Polygon Disables Bots and Reviews Security
After regaining control of the Discord server, Polygon’s team disabled all external bots and integrations, emphasizing their commitment to ensuring this incident is not repeated. According to Gupta, the team is still investigating how the breach occurred but suspects a bot or integration was compromised. The logs are being reviewed as part of this ongoing investigation.
Polygon’s security team remains unsure of the exact method the attackers used, but they are confident that no community moderators were directly phished. Gupta confirmed that a postmortem of the hack would be released after the full investigation.
Polygon urged its community to remain cautious and avoid interacting with suspicious links. The incident serves as a reminder of the persistent threat of phishing attacks, especially within online communities like Discord. Although the server has been secured, Polygon acknowledged that some features might remain limited as the security team completes its review of bots and integrations.
This breach highlights the importance of vigilance and secure practices in community management, particularly as Polygon prepares for the upcoming migration to its upgraded POL token. The Polygon team continues to work towards restoring full functionality while ensuring the safety of its users’ assets moving forward.
Crypto News Land, also abbreviated as “CNL”, is an independent media entity – we are not affiliated with any company in the blockchain and cryptocurrency industry. We aim to provide fresh and relevant content that will help build up the crypto space since we believe in its potential to impact the world for the better. All of our news sources are credible and accurate as we know it, although we do not make any warranty as to the validity of their statements as well as their motive behind it. While we make sure to double-check the veracity of information from our sources, we do not make any assurances as to the timeliness and completeness of any information in our website as provided by our sources. Moreover, we disclaim any information on our website as investment or financial advice. We encourage all visitors to do your own research and consult with an expert in the relevant subject before making any investment or trading decision.
