According to blockchain security company Dedaub, the Poly Network has once again been hacked, this time because of stolen private keys.
The cross-chain bridge platform Poly Network was attacked on July 2nd, and a hacker used a smart contract feature to release billions of tokens for their own benefit. Concerns concerning the security of decentralized finance (DeFi) platforms and their susceptibility to exploitation have been highlighted in light of the incident.
On July 2nd, Poly Network acknowledged that it had been the most recent victim of a DeFi exploit in a tweet confirming the incident. The platform declared that it would temporarily halt operations as it fixed the security hole and assessed the attack’s full level of harm.
57 distinct crypto assets from 10 different blockchains were impacted by the vulnerability, according to a later update from the Poly Network team. These networks included well-known ones like Ethereum, BNB Chain, Polygon, Avalanche, Heco, and OKx as well as less well-known ones like Metis. This wide-ranging impact exemplifies the attack’s broad scale and the possible repercussions for multiple projects and token holders.
Although Poly Network did not disclose the precise amount taken in the attack, security company Peckshield said that the exploiter had already moved at least $5 million worth of cryptocurrencies out of the compromised accounts. The amount of the stolen assets demonstrates the scope of the breach and the possible financial losses suffered by those involved in it.
The Poly Network team reacted to the attack right away. In order to hunt down and reclaim the stolen funds, they have started a dialogue with law enforcement and centralized exchanges. As a precaution, the team also suggested that other project teams and token owners withdraw liquidity and unlock their LP (liquidity provider) tokens.
Poly Network Exploit
The exploit, according to DeFi security expert @0xArhat, was caused by a flaw in the smart contract that made it possible for a hacker to modify a parameter carrying a false validator signature and block header. By taking advantage of this flaw, the hacker was able to get around the verification process and issue tokens from the Ethereum pool of Poly Network to their own address on other blockchains, such as Metis, BNB Chain, and Polygon.
This method was repeated by the attacker on many chains, resulting in a sizeable token hoard. Although they were only able to convert and take a portion of that total, the hacker’s wallet once contained tokens valued almost $42 billion. This emphasizes the obstacles the hacker had when trying to completely monetize their illegitimate riches.
Poly Network has previously been the target of cyber attacks. The platform was the target of one of the biggest industry hacks in August 2021, with thieves connected to the Lazarus Group, a group of North Korean hackers, making off with almost $600 million. Attacks on Poly Network have a history, which raises questions about the platform’s security protocols and its capacity to stop similar breaches in the future.