The official Discord servers of Layer-1 network Avalanche and Layer-2 blockchain network zkSync were also hacked less than 48 hours after the Polygon page was compromised. In a post to X on August 25, Avalanche’s official account shared that its Discord server had been compromised and urged users not to interact with any links.
Discord Pages Were Attacked
According to screenshots shared by Avalanche Discord members on X, the attackers posted several links containing fake distribution schemes for AVAX, claiming that owners and community members could claim AVAX for free. An hour later, Avalanche's community lead Ben Well wrote that the Avalanche team had found and fixed the issue. He added that the team was working to restore the server to normal.
However, just an hour after the Avalanche attacks, ZkSync reported that its official Discord page was also compromised. Once again, the hackers shared malicious links to a fake round 2 airdrop scheme, promising users free ZK tokens. zkSync did not address the vulnerability in X, but several members of the ZkSync team noticed the vulnerability on its Discord page.
The attack on Avalanche and zkSync comes less than 48 hours after the official Discord page for Polygon was similarly compromised, with hackers sharing malicious links across the server.
Details on the Subject
Polygon’s chief information security officer Mudit Gupta confirmed the breach and warned users to avoid clicking on any links shared on the Discord channel until the situation is fully resolved. A user named ValidatorK reported losing $150,000 worth of Ethereum after interacting with what appeared to be an official announcement on Polygon’s Discord channel.
The latest attacks add to a growing list of similar Discord exploits. On March 25, 2023, blockchain security firm CertiK uncovered a phishing scam circulating on the Arbitrum Discord server. The scam, believed to have been run via a hacked developer account, featured a fake announcement with a malicious link. Similarly, on May 5, the Gnus.AI AI network fell victim to a Discord-related exploit that led to a loss of approximately $1.27 million.