Poly network services ‘remain suspended’ after another major hack
Several blockchain security firms have estimated that the protocol lost over $5 million in crypto assets.
Cross-chain protocol Poly Network said its services would remain temporarily suspended after a hacker exploited 57 crypto assets on ten blockchains, including Ethereum (ETH), BNB Chain, Polygon (MATIC), Avalanche (AVAX), Metis, Optimism (OP) and others on July 2.
Community debate extent of the Poly Network attack
DeFi security expert Arhat stated that a smart contract vulnerability on the Poly Network cross-chain bridge caused the attack.
Arhat explained that the hacker created a malicious parameter that contained a fake validator signature and block header. This allowed them to bypass the verification for the parameters and issue billions of tokens from the Poly Network Ethereum pool, which was transferred to their address.
Arhat said:
“At one point, the hacker’s wallet held over $42 billion worth of tokens (on paper) immediately following the hack. Impressively, despite the magnitude of this hack, the hacker was only able to convert a small portion of these tokens SHIB, COOK, RFuel into ETH, which was worth about $400,000 in total. Everything else had no liquidity and were essentially worthless.”
Meanwhile, blockchain security firm Dedaub blamed the attack on the compromised private keys of three addresses in the Poly Network multi-sig. The blockchain security firm highlighted the Poly team’s slow response to the attack and estimated that the hacker stole $5.5 million.
PeckShield also stated that the attacker had moved over $5 million worth of crypto out of Ethereum, Polygon, and BNB Chain.
Poly Network tries to minimize attack impact.
While Poly Network has confirmed the incident, its team was yet to provide additional information on how it was exploited or the total amount stolen.
Poly Network has yet to respond to CryptoSlate’s request for comment at the time of writing.
Meanwhile, Poly Network advised its users to withdraw their assets as part of its effort to minimize risks. The protocol said it had told most project teams to remove liquidity from decentralized exchanges.
The team further called for assistance from industry experts and cybersecurity professionals who can assist in asset recovery. The protocol also claimed it had contacted centralized exchanges and law enforcement agencies to help track and freeze the funds.
This is not the first time that the cross-chain protocol has been exploited. In 2021, Poly Network was hacked for more than $600 million across three blockchains.