Poly Network, a prominent cross-chain bridge platform, finds itself in turmoil once again as it grapples with the aftermath of a colossal hack that resulted in the creation of billions of tokens.
Quick facts:
- Poly Network suffers a major hack as attackers compromise private keys and exploit a smart contract vulnerability.
- The exploit impacts 57 crypto assets across multiple blockchains, with at least $5 million worth of cryptocurrency stolen by the hackers.
- Poly Network urges users to withdraw their funds and engages with exchanges and law enforcement.
Attackers compromised the platform’s private keys, enabling them to exploit a vulnerability and issue tokens across multiple chains. As a result, Poly Network has urgently advised its users to withdraw their funds from the platform.
Unraveling the Method Behind the Poly Network Attack
The hack, which unfolded on July 2, has sent shockwaves throughout the cryptocurrency community. According to blockchain security firm Dedaub, the attack was executed by manipulating a smart contract function on the platform’s cross-chain bridge protocol.
This allowed the hackers to create tokens from Poly Network’s Ethereum pool and transfer them to their own addresses on chains such as Metis, BNB Chain, and Polygon. The team confirmed that the attackers compromised 57 tokens from 10 blockchains by repeating this process across various chains.
Although the exact extent of the stolen assets has not been disclosed, initial reports from Peckshield, a blockchain security company, suggest that the hackers successfully moved at least $5 million worth of cryptocurrency out of the compromised network.
At its peak, the hacker’s wallet contained approximately $42 billion worth of tokens, although only a fraction of this colossal sum was ultimately converted and stolen.
In response to the attack, Poly Network took swift action. The platform promptly confirmed the exploit via Twitter and temporarily suspended its services to assess the situation.
Additionally, Poly Network has initiated communication with centralized exchanges and law enforcement agencies, seeking their assistance in addressing the breach.
To mitigate further damage and protect their assets, Poly Network has advised project teams and token holders to withdraw liquidity and unlock their LP (liquidity provider) tokens. By taking these precautionary measures, users can minimize potential losses stemming from the hack.
The hack on Poly Network, which has been dubbed the “34 Billion Hack” by blockchain security solutions provider Dedaub, has exposed vulnerabilities in the platform’s multi-signature (multi-sig) arrangement. Dedaub has highlighted that Poly Network relied on a simple “3 of 4” multi-signature setup for over two years.
This configuration ultimately proved to be the weak point, as the compromise of private keys allowed the hackers to exploit the system successfully.
While Poly Network’s response to the attack has been swift, some criticism has emerged regarding the platform’s reaction time. Reports indicate that it took approximately seven hours for Poly Network to address the hack, resulting in a staggering loss of $5.5 million in stolen cryptocurrency.
However, due to the lack of liquidity in many of the tokens involved, more significant losses were averted.
Poly Network’s History of Breaches
Sadly, this is not the first breach that Poly Network has experienced. In August 2021, the platform fell victim to one of the largest exploits in the industry, resulting in hackers affiliated with the North Korean hacking collective known as the Lazarus Group making off with over $600 million.
As the investigation into the recent hack unfolds, the cryptocurrency community remains on high alert. One of the top cryptocurrency exchanges, Binance, and its CEO, Changpeng Zhao, assured users that the incident would not have an impact on them because Binance does not accept deposits from the compromised network.