Polygon suffered a security breach today when a hacker took over the community's Discord channel for around three hours. The breach, which allowed scammers to get into the channel and target users, has now been resolved.
Mudit Gupta, Polygon's chief information security officer, confirmed that the team has regained full control of the Discord server and is reversing the changes made by the hackers.
Hack Details
The breach was first reported when several Polygon users noticed suspicious activity in their Discord channel: scammers posing as legitimate support representatives began flooding the support channel and posting malicious links to mislead users.
A community member took to social media platform X to highlight the scam link in an announcement channel and warn others about the situation. The user stated:
“We see a lot of people looking for support, but scammers are scamming people under the guise of offering help.”
After trying to warn the community, he received a timeout from the channel's moderators.
In a more serious case, another user, “ValidatorK,” reported losing $150,000 worth of Ether (ETH) after reacting to what appeared to be an official announcement.
The attack raised questions about Polygon's security measures, even though Gupta claimed that two-factor authentication (2FA) was enabled for all privileged accounts on the server.
The timing of the breach was of particular concern to Polygon as it coincided with the platform’s ongoing network upgrade, which is set to replace its native token, MATIC, with the new POL token on September 4th.
Discord Hacking on the Rise
Hacking Discord channels has become a surprisingly popular method for hackers due to their popularity in the cryptocurrency community. Discord channels are often used to communicate valuable information and manage assets, making them a lucrative source of information for cybercriminals.
The hack of Polygon's Discord channel is the latest in a series of similar attacks: On March 25, 2023, the Arbitrum Discord server was compromised after hackers posted a phishing link in its official channel.
On May 5, artificial intelligence network Gnus.AI suffered a similar breach on its Discord server, resulting in losses of approximately $1.27 million.