Polygon has regained control of its community Discord server following a hack that allegedly cost one user about $145,000 in assets.
The attack, seemingly from a serial hacker, comes shortly before Polygon’s planned mainnet upgrade on Sep. 4, which will transition its native token MATIC to a new token with the ticker POL.
Polygon has regained control of its community Discord after it was hijacked for about four hours on Saturday morning, allegedly leading to the theft of about $145,000 in assets from one user.
"We have regained access and secured the Polygon community discord server. All external bots and integrations have been disabled while we perform a security review of each of them to avoid this from happening again," Polygon wrote on X.
A fraudulent message was posted to the Polygon Discord at about 5 am GMT, seemingly from the account of its community lead Smokey, contemporaneous screenshots show. The message advertised a "special pre-migration" airdrop ahead of the Polygon network's planned migration from its native MATIC token to the upgraded POL token, which is scheduled for Sep. 4, along with a phishing link.
At least one user claims to have fallen victim to the attack, and blockchain data backs up their claim of losing a Uniswap position worth about $145,000 in the hack. The transfer transaction occurred about 40 minutes after Polygon's chief information security officer, Mudit Gupta, alerted the Polygon community to the hack with a post on X, which was reposted by Polygon's X account, though it's unclear when the repost occurred.
The wallet address where the Uniswap position was transferred, which likely belongs to the hacker, appears to have claimed other victims in the past. Ten days ago, the wallet transferred ether worth $72,300 at the time to a wallet flagged by Etherscan as a phishing perpetrator that now holds nearly $400,000 in assets. Five days ago, the wallet transferred $29,500 worth of ether to a different, but similarly flagged, wallet with $150,000 in assets.
Polygon's team is currently unsure of the mechanism by which its Discord was compromised. "At this moment, we don't believe any of our mods were compromised this way [being phished]. It seems more likely that a bot/integration we had was compromised. Still going through the logs," Gupta posted on X. Gupta also stated that the team plans on releasing a postmortem following a review of the hack.