Poly Network, a cross-chain bridge platform, was recently hacked, resulting in the manipulation of a smart contract function. The attack allowed hackers to issue billions of tokens across multiple blockchains, including Ethereum, BNB Chain, Polygon, and more.

Attack Details

The exploit was carried out by manipulating a smart contract vulnerability that allowed the hacker to craft a malicious parameter, bypassing the verification process.

This enabled the hacker to issue tokens from Poly Network’s Ethereum pool to their own addresses on various chains, accumulating a substantial token stash.

Affected Assets

A total of 57 crypto assets on 10 blockchains were impacted by the attack, although the exact amount stolen has not been disclosed. Reports suggest that at least $5 million worth of crypto has been transferred out by the exploiter.

Poly Network’s Response

The team at Poly Network has initiated communication with centralized exchanges and law enforcement agencies, seeking their assistance in addressing the situation.

They have also advised liquidity withdrawal and unlocking of liquidity provider tokens for project teams and tokenholders.

Vulnerability Analysis

Security experts have identified weaknesses in Poly Network’s multisig protocol, highlighting a simple “3 of 4” multisignature arrangement that was compromised. The attack did not exploit logic bugs but rather exposed the compromised private keys of certain addresses.

Impact and Reassurance

The seven-hour response time from Poly Network allowed the hacker to steal approximately $5.5 million in crypto. However, due to the lack of liquidity in many of the affected tokens, further losses were prevented.

Binance CEO Changpeng Zhao has reassured users that the incident does not impact Binance customers, as the network does not support deposits from Poly Network.

Tags