On Saturday, August 24, the Polygon Discord channel was compromised, but the platform’s team managed to regain control approximately four hours later.
Following the breach, Mudit Gupta, Polygon’s Chief Information Security Officer, promptly issued a warning on X.com, advising users to avoid clicking on any links in the official Discord channel until further notice.
PSA: Do not click on any links in the @0xPolygon community discord until further notice.
It has been compromised and we're trying to get back ownership.
— Mudit Gupta (@Mudit__Gupta) August 24, 2024
This incident alarmed many within the Polygon community. One user, known by the X handle @shadabk2005, reported that scam links were being posted in the compromised channel.
https://twitter.com/shadabk2005/status/1827234729898164363?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1827234729898164363%7Ctwgr%5Eb321e31c5adbe6828c39df05c9263543c4d2b173%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fcrypto.news%2Fpolygon-discord-regains-control-after-hack-scam-link-scare%2F
Details regarding the breach remained sparse, but about four hours later, Gupta updated his initial post to inform users that the Polygon team had successfully regained control of the channel. He reassured the community that they were implementing security measures to prevent a recurrence.
This event is part of a growing trend of attacks on Discord, a free messaging app widely used by crypto communities. Discord, along with platforms like X, Telegram, and Reddit, has become a critical tool for these communities to share vital information—unfortunately, attracting the attention of scammers.
Such attacks have become increasingly common. In July, for instance, the Ethereum liquid restaking platform Renzo lost control of its Discord channel to malicious actors. It was unclear if any funds were lost during that attack.
In another case, hackers placed a fake Discord link on the website of the security auditing firm CertiK. The link directed users to a counterfeit Discord server hosting malicious software designed to drain funds from users’ wallets.
In September 2023, CertiK reported that over $6 million was stolen through attacks orchestrated via compromised crypto Discord channels. These attackers primarily used the channels to promote fake token airdrops, with links that led to phishing sites.
