TL;DR
- Poly Network has asked its users to withdraw their funds after it experienced a hack.
- The exploit affected 57 cryptocurrencies on the Poly Network.
Poly Network Suffers A Hack
Poly Network announced over the weekend that it experienced an attack, with the attacker carting away billions of tokens.
Dear users, we would like to inform you that Poly Network is temporarily suspending its services due to a recent attack. We are actively engaging with relevant parties and diligently assessing the extent of the affected assets. 【1/3】
— Poly Network (@PolyNetwork2) July 2, 2023
In a tweet on July 2nd, Poly Network confirmed that attackers managed to manipulate a smart contract function on the cross-chain bridge protocol. This resulted in the temporary suspension of its services.
In a recent update, the team added that the exploit affected 57 crypto assets on 10 blockchains. Some of the affected blockchains include Ethereum, BNB Chain, Polygon, Avalanche, Heco, OKX and Metis.
However, Poly Network didn’t specify the amount stolen in the attack. Blockchain security firm PeckShield reported that the attacker had transferred out at least $5 million worth of crypto. The team stated:
“We have already initiated communication with centralized exchanges and law enforcement agencies and sought their assistance.”
The team also advised project teams and token holders to withdraw liquidity and unlock their liquidity provider tokens.
DeFi security analyst Arhat explained that the attack was due to a smart contract vulnerability that allowed the attacker to craft a malicious parameter containing a fake validator signature and block header.
The network accepted this as a smart contract, allowing the hacker to bypass the verification process and issue tokens on the Poly Network’s Ethereum pool to their own address on other chains, such as Metis, BNB Chain, and Polygon.
The hacker repeated the process for other chains, allowing them to issue billions of tokens. The hacker’s wallet held around $42 billion worth of tokens at one point. However, they were only able to convert and steal a fraction of the funds.