Due to poor liquidity and security measures, the anticipated $4 billion worth of fraudulent token issuances on PolyNetwork will not yield much money for attackers.
Attackers used a smart contract feature in PolyNetwork’s bridge tool, a cross-chain protocol that permits token swaps across various blockchains, early on Sunday. The attackers were able to issue tokens that did not actually exist on some networks by tampering with the operation of the bridge.
On multiple blockchains, the attackers created a sizable quantity of tokens. They specifically generated 999 trillion shiba inu (SHIB) on the Heco blockchain, 24 billion binance usd (BUSD) and bnb (BNB) on the Metis blockchain, and millions of other tokens on networks like Avalanche and Polygon. As a result, shortly after the attack, tokens with an estimated (on paper) value of approximately $42 billion were still in the attackers’ wallet.
Despite having a sizable token cache, the attackers were unable to monetize the tokens due to a lack of liquidity. Metis developers affirmed that there was no “sell liquidity” available for the BNB and BUSD tokens. Additionally, the developers froze the attackers’ unauthorized METIS tokens on the PolyNetwork bridge.
However, the attackers were successful in locating markets for other unauthorized tokens that they produced. For example, they traded 15 million RFuel tokens for 27 ether, 495 million COOK tokens for 16 ether, and 94 billion SHIB tokens for 360 ether (ETH). The analytics company Lookonchain reported on this transaction.
specific form of attack mitigation was shown by the lack of liquidity for specific tokens and the locking of METIS tokens. The attackers’ ability to turn the tokens into real money was hampered by the lack of sale liquidity. The developers also took steps to lock the METIS tokens that were fraudulently issued, halting their circulation and possible impact.
Related: North Korean Hackers Use Shadow IT Workers to Steal Millions in Crypto
The incident brought to light the flaws and dangers present in decentralized finance (DeFi) systems and smart contracts. In order to mitigate such attacks, the attack on PolyNetwork’s bridge tool serves as a reminder of the value of security precautions and ongoing development in the creation and implementation of blockchain-based systems.