- A hacker exploited a contract vulnerability, bypassed verification, and issued billions of dollars worth of tokens
- The platform has suspended work until all circumstances are clarified.
- The attacker still managed to withdraw part of this cryptocurrency
On Sunday, July 2, the Poly Network platform was hacked. A hacker exploited the vulnerability to issue billions of dollars worth of tokens. The site has suspended work until all circumstances are clarified.
The exact reason for the hack is still unknown. Apparently, the attacker used a vulnerability in the smart contract, transmits founder of the 3z3 Labs project with the nickname “Arhat”.
The hacker was able to bypass the verification through the “EthCrossChainManager” function. The contract executed a fake request, as a result of which the attacker was able to issue tokens from the Ethereum pool to his address in other chains.
These are Metis, Polygon and Binance Smart Chain. He then repeated the process for Heco and Avalanche. According to PeckShieldat some point, the hacker’s account contained more than $42 billion worth of cryptocurrencies.
It has issued over 99M BNB, 10B BUSD, around 100T SHIB, and many altcoins. Metis stated that the issued tokens are worthless, as they are not backed by the necessary liquidity.
But the hacker still managed to withdraw part of the funds on other networks, such as Ethereum. The exact amount of damage is still unknown. On the morning of July 2, the administration of Poly Network acknowledged the hack and said she had stopped working.
The situation was commented by Binance CEO Changpeng Zhao. He stated that the incident will not affect Binance users in any way, while the exchange actively contributes to the capture of the criminal. This is the second major hack of the Poly Network. In August 2021, the platform suffered a loss of $610 million. All assets were returned within two weeks. This hack is considered the largest in the history of DeFi.