On June 2, unknown people attacked the Poly Network internetwork protocol and issued tens of billions of dollars worth of tokens on several blockchains. The team stopped the work of the bridge.
“Dear users, we would like to inform you that Poly Network is temporarily suspending its services due to a recent attack. We are actively engaging with relevant parties and carefully assessing the volume of affected assets,” the developers said.
Cross-chain bridges allow you to transfer tokens between networks, blocking assets in one and issuing them in another. Presumably, the hackers were able to manipulate the smart contract that performs the operations.
Intruders issued in their favor 10 billion BUSD and 100 million BNB (~$24.5 billion at that time) on Metis, 999 trillion SHIB on Heco and millions of tokens on other networks.
By prior evaluation Poly Network team, the incident affected 57 different tokens on 10 blockchains.
According to PeckShieldat some point in the wallet of hackers there were assets with a total value of $ 42.8 billion.
Dedaub experts called the exploit “a $34 billion Poly Network hack.” According to them, the attackers did not use any vulnerabilities, but compromised three of the four private keys of multi-signature addresses to control the smart contract.
The specialists noticed that the protocol team had been using a simple “3 out of 4” multisig scheme for two years.
Dedaub also noted that Poly Network developers did not respond to the attack for seven hours. This allowed the hackers to sell assets for about $5.5 million. They were prevented from extracting large profits by the lack of sufficient liquidity in the networks.
The Metis team confirmed that for this reason, the attackers of the protocol had no way to realize the issued BUSD and BNB in the amount of about $34.5 billion.
In August 2021, unknown people hacked the Poly Network and withdrew $611 million in various cryptocurrencies. Within a month, the hackers returned all the funds to the protocol and even the 160 ETH (~$500,000 at that time) reward sent to the protocol.
Recall that in the first half of 2023, the crypto industry lost about $655.6 million as a result of hacks and fraud.
Found a mistake in the text? Select it and press CTRL+ENTER
Cryplogger Newsletters: Keep your finger on the pulse of the bitcoin industry!