Today, a significant security breach occurred on the Ethereum sidechain Polygon’s Discord channel, resulting in a loss of nearly $150,000 for a user. An attacker compromised the channel by posting phishing links, leading users to fraudulent websites. Polygon’s Chief Security Officer, Medhi Gupta, quickly alerted the community, advising them to avoid clicking on any links until further notice.
Hack targets polygon discord channel
The breach comes at a crucial time, just weeks before Polygon’s planned token migration from MATIC to POL. The incident has raised concerns regarding the security of Polygon’s communication channels. Despite the company’s assertion that all accounts with administrative access had enabled two-factor authentication, the breach’s source remains unclear.
The hackers exploited the situation by posing as legitimate support agents within the Discord support channel. They misled users who were seeking assistance, directing them to malicious links. These links, posted mainly on the announcement channels, were disguised as official updates on the upcoming token migration.
Polygon takes control after two hours
The Polygon team regained control of the Discord channel approximately two hours after detecting the breach. According to an official post on X, formerly Twitter, all malicious links were removed, and the team disabled all external bots and integrations as a precaution. Mudit Gupta, a prominent figure within Polygon, confirmed the recovery and ongoing investigation into the incident.
This incident highlights the vulnerability of Discord channels, particularly within the crypto community, where the app is widely used but frequently targeted by cybercriminals. Over the past two years, several high-profile crypto projects, including Arbitrum, StarkNet, and Bored Apes Yacht Club, have suffered similar attacks.
The user suffers a significant loss
Despite the swift action taken by the Polygon team, at least one user suffered substantial financial losses due to the attack. A user identified as “@ValidatorK” reported on X that he lost 120,000 MATIC and 30 ETH, equivalent to $143,492, after falling victim to one of the phishing links. The user expressed frustration and disappointment, claiming that the lack of timely notification from Polygon contributed to the loss.
The user has since requested compensation from Polygon, citing the company’s failure to inform users about the security breach promptly. He also shared evidence of the loss, including a screenshot of his affected liquidity pool. Unfortunately, the user’s post has attracted further scammers offering false assistance.
Despite the security breach, the value of Polygon’s native token, MATIC, remained unaffected. MATIC saw a 3% increase in the last 24 hours, continuing a positive trend that has seen the token gain 34% in the past week. As of the latest data from CoinMarketCap, MATIC is trading at $0.5424.