A security breach occurred on Sunday on Poly Network, a service that allows users to move assets across different blockchains. The attacker exploited a vulnerability in the system and exchanged more than $10 million worth of ether for other tokens after the breach. The incident allowed the perpetrator to mint varying amounts of 57 tokens across blockchains, including Ethereum, BNB Chain, Metis, and Polygon.
The exploit resulted in the crypto wallet of the attacker showing a value of more than $34 billion on paper. However, this value was not realistic because the chains that were affected did not have enough liquidity for the attacker to cash out.
The tokens that were created artificially were mostly not traded for ether (ETH) on the networks of Ethereum and Binance Smart Chain. Only about 5,196 ETH or $10.1 million worth of tokens were exchanged on these networks.
According to Beosin and Dedaub, two security firms, the cause of the Poly Network breach could have been a loss or a hack of the private keys that the platform’s main smart contract relied on, rather than a flaw in the contract’s code.
According to this statement, the main smart contract of the project was vulnerable because three out of the four admin wallets had their private keys stolen. The Poly Network team has not given any comment on this allegation so far.
Poly Network’s Response to the Attack
Poly Network, a cross-chain protocol, temporarily stopped its operations after a hacker exploited a vulnerability and stole millions of dollars worth of cryptocurrencies. The protocol said it was collaborating with centralized exchanges and authorities to track down the hacker and retrieve the stolen assets. Centralized exchanges have the power to monitor and freeze transactions involving fraudulent tokens.
The Poly Network team advised the projects that were affected by the hack to pull out their liquidity from DEX platforms and asked users who owned the impacted assets to unlock them and reclaim their LP tokens associated with those assets. The team also warned the hacker to give back user assets to “avoid any possible legal repercussions.”
Dear users,
As we continue to address this situation, we regret to inform you that our services will remain temporarily suspended.
【1/7】— Poly Network (@PolyNetwork2) July 2, 2023
Poly Network, a project that enables cross-chain transactions, has suffered another serious security breach. This is not the first time that the project has been targeted by hackers. Last year, a person managed to take $611 million worth of crypto assets from Poly Network, but later gave them back. This was one of the biggest thefts in the history of crypto.