Understanding the Poly Network Attack: Details, Impact, and Measures Taken

2023-07-03 10:33:23

New details are gradually emerging following the July 2 attack on the cross-chain bridge platform Poly Network, which allowed a hacker to issue billions of tokens out of thin air for profit. In a Twitter post on July 2, Poly Network confirmed that it was the victim of a DeFi exploit after attackers managed to manipulate a smart contract feature of the cross-chain bridge protocol. It added that it was temporarily suspending its services.

In the latest announcement, the team revealed that the attack affected 57 cryptoassets across 10 blockchains, including Ethereum, BNB Chain, Polygon, Avalanche, Heco and OKx. It was not specified how much was stolen during the attack, but PeckShield previously reported that the hacker had transferred at least $5 million worth of crypto.

“We have already initiated communication with the central exchanges and law enforcement agencies and asked for their help,” the team said in an update on July 3. They also advised project teams and token holders to transfer their assets and unlock their LP (liquidity provider) tokens.

This was not the first attack on Poly Network. According to DeFi security analyst @0xArhat, the attack was the result of a smart contract vulnerability that allowed a hacker to “craft a malicious parameter containing a fake validation signature and block header”. This was accepted by the smart contract, allowing the hacker to bypass the verification process. Thus, he was able to issue tokens from Poly Network’s Ethereum pool to his own address on other chains such as Metis, BNB Chain and Polygon. He repeated the process for other chains, allowing tokens to accumulate. At one point, the hacker had about $42 billion worth of tokens in his wallet, but he was only able to convert and steal a fraction of it, the analyst said.

Dedaub, a company offering blockchain security solutions, identified the protocol’s multi-sig weaknesses. They pointed out that it had a simple “3 out of 4” multi-signature arrangement for two years, adding: “Investigating the final event, we found that the private keys of the marked addresses were compromised.” Dedaub explained that the attack was not complex, as no logical flaws were exploited. It added that Poly Network was slow to respond, taking seven hours, which cost the platform $5.5 million in stolen crypto. Fortunately, the lack of liquidity prevented further losses for many tokens.

Following the attack, Binance CEO Changpeng Zhao reassured customers, stating that “Binance users are not affected. We do not support deposits from this network”.

Poly Network’s platform was already attacked once, in August 2021, in one of the industry’s biggest exploits. At that point, the hackers, who were later found to be linked to the North Korean hacking organization Lazarus Group, made off with more than $600 million.