Author

Topic: Poly Network Urges Users to Withdraw After Exploit Affects 57 Crypto Assets (Read 59 times)

legendary
Activity: 1666
Merit: 1037
This should be in the Altcoin Discussion section as this is not directly related to Bitcoin, nor is it large enough to effect Bitcoin or the market as a whole (DeFi hacks like this happen frequently).

It does make me wonder if a chain exploit similar to this is the next thing that might harm Ethereum and Layer 2's. Wrapped Bitcoin and tokenized altcoins are extremely dangerous to hold, and this situation is a perfect example.

Hopefully law enforcement and the teams are able to trace and recover the funds, find a solution, patch it, and move on.
full member
Activity: 868
Merit: 116
Further details are coming to light following a July 2 attack on cross-chain bridge platform Poly Network, which has resulted in a hacker being able to issue billions of tokens out of thin air for profit.

In a July 2 Twitter post, Poly Network confirmed it became the latest DeFi exploit victim after attackers managed to manipulate a smart contract function on the cross-chain bridge protocol, adding it will be temporarily suspending services.

In the most recent update, the team revealed the exploit affected 57 crypto assets on 10 blockchains — including Ethereum, BNB Chain, Polygon, Avalanche, Heco, OKx, and others such as Metis.

It did not specify how much was stolen in the attack but Peckshield earlier reported that the exploiter had transferred at least $5 million worth of crypto out.

“We have already initiated communication with centralized exchanges and law enforcement agencies and sought their assistance,” the team stated in a July 3 update.

It also advised project teams and token holders to withdraw liquidity and unlock their LP (liquidity provider) tokens.


'34 billion' Poly Network hack breakdown

DeFi security analyst @0xArhat said the exploit was a result of a smart contract vulnerability that allowed the hacker to “craft a malicious parameter containing a fake validator signature and block header.”

This was accepted by the smart contract enabling the hacker to bypass the verification process allowing them to issue tokens from Poly Network's Ethereum pool to their own address on other chains, such as Metis, BNB Chain, and Polygon.

The process was repeated for other chains enabling the token stash to pile up.

At one point the hacker’s wallet held around $42 billion worth of tokens but was only able to convert and steal a fraction of them, said the analyst.

FULL DETAILS HERE
Jump to: