Poly Network Urges Immediate Withdrawal as Exploit Impacts 57 Crypto Assets

New information has emerged following an attack on cross-chain bridge platform Poly Network, which occurred on July 2. The attack allowed hackers to generate billions of tokens for illicit gains. Poly Network confirmed the breach via a Twitter post, revealing that the smart contract function on their cross-chain bridge protocol had been manipulated. As a result, the platform temporarily suspended its services.

In a recent update, the Poly Network team disclosed that the exploit had impacted 57 different crypto assets across 10 blockchains, including Ethereum, BNB Chain, Polygon, Avalanche, Heco, OKx, and Metis, among others. While the exact amount stolen was not specified, cybersecurity firm Peckshield reported that the attacker had transferred at least $5 million worth of cryptocurrencies.

The Poly Network team stated in a July 3 update that they had initiated communication with centralized exchanges and law enforcement agencies, seeking their assistance in resolving the issue. They also advised project teams and token holders to withdraw liquidity and unlock their LP (liquidity provider) tokens.

According to DeFi security analyst @0xArhat, the exploit resulted from a vulnerability in the smart contract. The hacker crafted a malicious parameter with a fake validator signature and block header, which the smart contract accepted. This allowed the attacker to bypass verification and issue tokens from Poly Network’s Ethereum pool to their own address on other chains, such as Metis, BNB Chain, and Polygon. The process was repeated across multiple chains, enabling the hacker to amass a significant stash of tokens.

At one point, the hacker’s wallet held approximately $42 billion worth of tokens, but they were only able to convert and steal a fraction of that amount. The analyst noted that the hacker minted billions of previously nonexistent tokens on various blockchains and transferred them to their own wallet addresses.

The recent exploit on Poly Network has been dubbed the “34 billion Poly Network hack” by blockchain security solutions provider Dedaub. Dedaub highlighted weaknesses in the protocol’s multi-signature arrangement, noting that it had a simple “3 of 4” setup over two years. The company found that the private keys to the compromised addresses were exposed. Dedaub further explained that the attack was not complex and did not exploit logic bugs. However, Poly Network’s response to the breach was deemed slow, taking seven hours and resulting in $5.5 million in stolen crypto. Fortunately, the lack of liquidity in many of the tokens prevented further losses.
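The difference between a forged signature and a leaked signing key, shown as a minimal model of a “3 of 4” keeper quorum check (an added example, not Poly Network’s contract code or Dedaub’s analysis). The keeper names, keys and header are constructed, and HMAC-SHA256 stands in for the public-key signatures a real bridge would verify.

```python
import hashlib
import hmac

# Constructed keeper set: names and keys are made up for this example.
KEEPERS = {f"keeper{i}": hashlib.sha256(f"demo-key-{i}".encode()).digest()
           for i in range(1, 5)}
THRESHOLD = 3  # the "3 of 4" arrangement described by Dedaub


def sign(key: bytes, header: bytes) -> bytes:
    """HMAC-SHA256 stands in for a real public-key signature (assumption)."""
    return hmac.new(key, header, hashlib.sha256).digest()


def verify_header(header: bytes, sigs: list[tuple[str, bytes]],
                  keepers: dict[str, bytes] = KEEPERS,
                  threshold: int = THRESHOLD) -> bool:
    """Accept the header only if `threshold` distinct known keepers signed it."""
    valid = set()
    for name, sig in sigs:
        key = keepers.get(name)
        if key is None:
            continue  # signer is not in the trusted keeper set
        if hmac.compare_digest(sig, sign(key, header)):
            valid.add(name)  # a set, so a repeated signer counts once
    return len(valid) >= threshold


def demo() -> dict[str, bool]:
    forged = b"constructed header: unlock 1000000 tokens to attacker"
    outsider = hashlib.sha256(b"attacker-key").digest()
    leaked = [KEEPERS[n] for n in ("keeper1", "keeper2", "keeper3")]
    return {
        # Signatures made with a key outside the keeper set never count.
        "outsider_keys": verify_header(
            forged, [(f"keeper{i}", sign(outsider, forged)) for i in (1, 2, 3)]),
        # One leaked key replayed three times is still one signer.
        "one_key_repeated": verify_header(
            forged, [("keeper1", sign(leaked[0], forged))] * 3),
        # Three leaked keys satisfy the quorum with no logic bug involved.
        "three_leaked_keys": verify_header(
            forged, [(f"keeper{i + 1}", sign(k, forged)) for i, k in enumerate(leaked)]),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: accepted={accepted}")
```

A correct quorum check rejects the first two cases and accepts the third, which is why key custody, key rotation and a higher threshold matter as much as the verification code itself.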

Following the incident, Binance CEO Changpeng Zhao reassured users that the attack did not impact Binance and that they do not support deposits from the affected network.

CryptoGrafos reached out to Poly Network for additional details but did not receive a response at the time of publication.

It’s worth noting that Poly Network previously experienced a major exploit in August 2021, in which hackers, later identified as affiliated with the North Korean hacking group Lazarus Group, made off with over $600 million.
