Over the weekend, the Poly Network fell victim to a hacker who managed to exploit the system and make off with nearly $10 million worth of ETH. Beosin, a security firm, was the first to reveal this breach. The attack allowed the hacker to mint an astonishing $34 billion worth of cryptocurrency. Poly Network, a cross-chain bridge that facilitates the transfer of assets across various blockchains, took immediate action by temporarily suspending its services. The team behind the DeFi network discovered that the hacker had minted 57 tokens across 10 different blockchains, including Ethereum, BNB Chain, Metis, Polygon, Avalanche, Heco, and OKX. After the hack, the hacker’s wallet held over $42 billion in tokens.
Despite having such a vast amount of tokens, the hacker faced challenges in cashing out the entire stash due to a lack of liquidity and security measures. Experts from Beosin and Dedaub believe that the hack may have occurred as a result of the theft of private keys used in the platform’s main smart contract. However, they do not believe that the exploit was a result of a specific vulnerability in the contract’s logic. According to the security analysts, three out of the four admin wallets, which power the network’s main smart contract, had their private keys compromised. Poly Network has yet to provide any clarification regarding these claims.
In response to the incident, the Poly Network team has been actively collaborating with centralized exchanges and law enforcement agencies to identify the hacker and recover the stolen funds. They have also temporarily suspended their services. Binance CEO, Changpeng Zhao, reassured Binance users that the hack does not affect them as the exchange does not support deposits from the Poly Network.
The team behind the exploited network has urged affected projects to withdraw liquidity from decentralized exchanges. They have also requested users holding impacted assets to unlock them and reclaim their liquidity pool (LP) tokens associated with those crypto assets. Additionally, the team has appealed to the hackers to return the stolen funds to avoid facing legal consequences.
This is not the first time that the Poly Network has experienced a major security breach. In August 2021, a group of hackers exploited vulnerabilities in the network and stole approximately $611 million in cryptocurrencies. This hack was one of the largest in the history of cryptocurrency. However, the hackers returned most of the stolen assets within just two days. Reports suggest that this exploit occurred due to a leak of a private key used to sign a cross-chain message.
The recent attack on the Poly Network highlights the vulnerabilities present in the DeFi space. It serves as a reminder for developers and users to prioritize security measures and implement robust protocols to protect against such breaches. As the investigation into this incident continues, the crypto community waits anxiously for updates on the recovery of the stolen funds and the identification of the perpetrator.