Polygon’s Discord channel has been compromised, leading the company’s Chief Information Security Officer, Mudit Gupta, to advise users to avoid clicking on any links shared in the channel until the situation is resolved. Gupta confirmed the breach and assured that all privileged accounts had two-factor authentication (2FA) enabled, raising concerns about the effectiveness of current security measures.
Discord, a widely used communication platform within the cryptocurrency community, has become a target for cybercriminals due to the sensitive information and assets discussed in these channels. The breach has already impacted the Polygon community, with one user, shadabk2005, alerting others on the X platform about scammers posing as support agents. The user reported that scam links were posted in the announcements channel and highlighted that attempts to address the issue were met with punitive measures.
The severity of the attack was further illustrated by a report from another user, ValidatorK, who lost $150,000 worth of Ether (ETH) following an interaction with what appeared to be an official announcement on Polygon’s Discord channel.
This incident follows a series of high-profile breaches within the crypto community. In March 2023, CertiK highlighted a phishing scam on the Arbitrum Discord server, where a fake announcement containing a malicious link was disseminated through a hacked developer account. Similarly, in May 2023, the Gnus.AI artificial intelligence network suffered a $1.27 million loss due to a Discord-related exploit.
The timing of the Polygon breach is particularly concerning as the platform is in the midst of a major network upgrade. Scheduled for September 4, the upgrade will replace the native Polygon (MATIC) token with POL tokens. This update is intended to enhance the utility of Polygon’s token and support its expanding network of aggregated blockchains, known as AggLayer.