Cross-chain protocol Poly Network said its services would remain temporarily suspended after a hacker exploited 57 crypto assets on 10 blockchains on July 2, including Ethereum (ETH), BNB Chain, Polygon (MATIC), Avalanche (AVAX), Metis, Optimism (OP), and others.
Community debate scope of the Poly Network attack
DeFi security expert Arhat mention that a smart contract vulnerability on the Poly Network cross-chain bridge caused the attack.
Arhat explained that the hacker created a malicious parameter that contained a fake validation signature and block header. This allowed them to bypass the verification of the parameters and issue billions of tokens from the Poly Network Ethereum pool, which were transferred to their address.
Arhat said:
“At one point, the hacker’s wallet contained over $42 billion in tokens (on paper) right after the hack. Despite the size of this hack, it was impressive that the hacker was only able to convert a small fraction of these tokens SHIB, COOK, R Fuel go inside ETH, which was worth about $400,000 in total. Everything else had no liquidity and was essentially worthless.”
Meanwhile, blockchain security company Dedaub accused the attack on the compromised private keys of three addresses in the Poly Network multi-sig. The blockchain security firm highlighted the Poly team’s slow response to the attack, estimating that the hacker stole $5.5 million.
PeckShield too mention that the attacker had extracted over $5 million worth of crypto from Ethereum, Polygon, and BNB Chain.
Poly Network tries to minimize the impact of attacks.
While Poly Network has confirmed After the incident, the team was yet to provide additional information about how it was exploited or the total amount stolen.
Poly Network has yet to respond from CryptoSlate request for comment at time of writing.
Meanwhile, Poly Network advised its users to withdraw their assets as part of its effort to minimize risk. The protocol said it had told most project teams to remove liquidity from decentralized exchanges.
The team further enlisted the help of industry experts and cybersecurity professionals who can assist with asset recovery. The protocol also claimed it contacted centralized exchanges and law enforcement agencies to track down and freeze the funds.
This is not the first time the cross-chain protocol has been abused. In 2021, Poly Network was hacked for more than $600 million in three blockchains.
The post Poly network services ‘remain suspended’ after another major hack first appeared on CryptoSlate.
