A hack of the Polemos Discord server took place yesterday morning UTC.
The Polemos team believes the initial attack has been contained and are reviewing other systems. At this point no other impacts have been found.
The hack occurred when a Discord role used for support purposes was compromised, leading to the creation of a fake CEO account.
That fake account then invited community members to connect their wallets to a fake Polemos website. Assets in any connected wallets were stolen.
The fraud was limited in impact, according to co-CEO Richard McLaren.
“At this point the attack was limited to a scam using a fake CEO account to link to a fake giveaway site which was live on Discord for a few hours. There was no compromise to our other systems or the platform that we can determine, we are running additional checks for unusual activity.
Polemos will never issue flash drops or giveaways or anything that is not clearly flagged in advance with the community.
We are reviewing the impact to our community and regret the losses from community members.”
Update 23:30 18 June UTC:
Polemos Discord server is running again. The compromised account is no longer functional and community members can use the Discord as normal.
Update 00:30 19 June UTC:
The address of the scam site linked to is https:// claim-polemos .io. Note we have included spaces in this URL so this is not an active link. Do not go to this site. Also note that all legitimate Polemos sites end with “polemos.io”, with no hyphenation or other extension of “polemos”. Watch out for imposter domains such as the one above.
Update 24 June:
Co-CEO Sascha Zehe posted this message on the Polemos Discord:
Following up on the latest announcement, we want to share with @everyone some essential updates pertaining to the recent hacking incident on our Discord server, as well as certain operational changes:
- Firstly, we have set up a compensation mechanism for the few members that were affected by the recent hack and subsequent scam. If you were impacted, please send an email to email@example.com providing your old compromised wallet, your new wallet for reimbursement in ETH, and your Discord ID. The instructions to find your Discord ID are detailed here: 🎓│scholarships.
Please note that…
- …the affected community members have two weeks from now to reach out to us.
- …upon receiving your email, our team will conduct internal checks first. We will then transfer a small amount of ETH to your old compromised wallet and ask you to return it. This step is crucial in proving your ownership of the wallet. Once confirmed, we will proceed with the reimbursement.
- …the reimbursement will be made in ETH at a replacement value estimated by Polemos. Please understand that there is no room for negotiation, and claims for other direct or indirect damages beyond the assets that can be clearly tracked on-chain cannot be considered.
- …we want to stress that while we empathize with any losses incurred, we will not compensate for future losses as a result of fake flash mint/token sells or other scams involving accounts that are not affiliated with polemos.io. Please be reminded that Polemos only uses the polemos.io domain. We will never operate under any other domain, and we will also not announce any sales or flash mints out of the blue. There will always be communication from our side in advance in order to prepare the community for it – this includes our own token launch. Similar information had already been included in our 📌│faqs and was now expanded upon for even more clarity.
Discord <> Forge syncing
Lastly, we are pleased to announce that the upgrades for the syncing of Discord accounts and wallets used on the Forge has been completed, and that the service is operational again. For more details how to sync your accounts, please visit 🤝│account-and-rank-syncing . The strength and support of the Polemian community have been unwavering, even in these challenging times. We would like to thank you for your continued trust in Polemos as we continue our ongoing mission to build a secure, robust and value-adding environment for our community. Let’s continue to move forward together towards an exciting future for the protocol, our community, and gaming overall NB: With the delivery of the Armory, we’ve started to increase our efforts on the content side as well. Don’t miss out on the exciting things we’re doing on YouTube for example: https://www.youtube.com/@Polemos_io
This thread is closed and there will be no further updates to this article.