Poly Network, a cross-chain protocol, was hacked for $600 million in 2021.
The cross-chain protocol Poly Network has been hacked again, this time by hackers who exploited the protocol to steal over $400 million in cryptocurrency assets, following a $600 million hack in 2021.
Cross-Chain Bridge Vulnerability Causes Trouble
Cross-Chain Smart Contract Vulnerability
According to Arhat, the founder of 3z3 Labs, hackers bypassed Poly Network's verification mechanism by using false validator signatures and malicious parameters.
The hackers successfully deceived the EthCrossChainManager smart contract, which manages cross-chain operations, into issuing a large number of tokens supported by Poly Network on various major public chains, with an on-paper value exceeding $42 billion:
Heco: 999.8 trillion SHIB
Metis: 99 million BNB, 10 billion BUSD
Polygon: 875,000 COW, 999 million OOE, 636 million STACK, 88.6 million GM
Avalanche: 378 million STACK, 82.8 million XTM, 11 million SPAY, 89 million GM
Binance Chain: 80 million METIS, 926 million DOV, 978 million SLD
Lost Private Keys, Backdoor by Team?
Cybersecurity firm Dedaub denied the existence of vulnerabilities, suggesting that there were no logical errors in the contract code and that the private keys were instead stolen and misused.
This has led the crypto community to suspect internal team involvement.
Low Liquidity Saved Poly Network, Hacker Gains $4 Million
Because the specific non-mainstream altcoins had little sell-side liquidity on the public chains mentioned above, most of the cross-chain assets issued by the hacker existed only on paper. However, according to the MistTrack team's analysis, the hacker was still able to cash out approximately $4.3 million on the Ethereum chain.
Metis also released a similar statement.
PeckShield, another on-chain monitoring agency, stated that the hacked funds exceeded $5 million.
#PeckShieldAlert @PolyNetwork2 exploiter has transferred more than $5M worth of cryptos out on #Ethereum, #BNBChain, and #Polygon, especially 1.5K $ETH ($2.88M) to 0x23f4…c671, 440 $ETH ($844K) to 0xc8Ab…C42F, and 300 $ETH (~$575K) to 0xfD3E…b778 https://t.co/EbYdTo3xIg… pic.twitter.com/I5Lg9UJ0eU
— PeckShieldAlert (@PeckShieldAlert) July 2, 2023
Poly Network: Service Suspended, Seeks Law Enforcement
Poly Network announced the suspension of services and listed the affected addresses, emphasizing that they are seeking assistance from exchanges and law enforcement agencies.
Binance founder Zhao Changpeng (CZ) stated that the related addresses have been banned from depositing and that the security team is assisting in the investigation.
We also strongly advise users who hold the affected assets to expedite the process of withdrawing liquidity and unlocking their LP tokens.
We deeply appreciate your patience and understanding during this challenging period.
Yours sincerely,
The Poly Network Team
【7/7】— Poly Network (@PolyNetwork2) July 2, 2023
Poly Network Hacked for $600 Million in 2021
On August 10, 2021, Poly Network was hacked for over $611 million through exploitation of the EthCrossChainManager and EthCrossChainData smart contracts, an amount surpassing the $474 million total hacked in the first half of 2021.
However, the hacker eventually returned the funds and rejected the team's offer of a $500,000 white-hat hacker bounty.
Related events:
Poly Network Hacked for $600 Million, Ethereum, BSC, Polygon Assets Affected
Poly Network Hacker Repays, Denies MistTrack's Claims