Poly Network, a cross-chain protocol, has announced that its services will remain temporarily suspended following yet another major hack. The incident saw a hacker exploit 57 different crypto assets across ten blockchains, including Ethereum, BNB Chain, Polygon, Avalanche, Metis, Optimism, and others on July 2.
According to DeFi security expert Arhat, the attack on Poly Network was caused by a smart contract vulnerability on their cross-chain bridge. The hacker managed to create a malicious parameter containing a fake validator signature and block header, allowing them to bypass parameter verification. As a result, billions of tokens from the Poly Network Ethereum pool were issued to the hacker’s address.
At its peak, the hacker’s wallet held over $42 billion worth of tokens, although they were only able to convert a small portion of it into ETH, with the rest being illiquid and essentially worthless. The conversion amounted to around $400,000 in total. This showcases the magnitude of the hack and the limitations the hacker faced in converting the stolen tokens.
Dedaub, a blockchain security firm, blamed the attack on compromised private keys of three addresses in Poly Network’s multi-sig. They also criticized the Poly team for their slow response to the incident and estimated that the hacker stole $5.5 million.
PeckShield, another blockchain security company, stated that the attacker had moved over $5 million worth of crypto out of Ethereum, Polygon, and BNB Chain.
Poly Network has confirmed the incident but has not provided further details about how the hack occurred or the total amount stolen. The protocol has urged its users to withdraw their assets to minimize risks and has instructed most project teams to remove liquidity from decentralized exchanges.
Additionally, Poly Network is seeking assistance from industry experts and cybersecurity professionals to aid in asset recovery. The protocol claims to have contacted centralized exchanges and law enforcement agencies to help track and freeze the funds.
This is not the first time Poly Network has fallen victim to an attack. In 2021, the protocol was hacked for over $600 million across three blockchains.
As of now, Poly Network services remain suspended, and the protocol has yet to respond to inquiries from CryptoSlate regarding the incident. Users will have to wait for further updates from the Poly Network team on when services will resume.
In conclusion, the recent hack on Poly Network highlights the ongoing security challenges faced by decentralized finance protocols. The incident serves as a reminder for the industry to continue improving security measures and for users to exercise caution when utilizing cross-chain platforms.