Further details are coming to light following a July 2 attack on cross-chain bridge platform Poly Network, in which a hacker was able to issue billions of tokens out of thin air for profit.
In a July 2 tweet, Poly Network confirmed it had become the latest decentralized finance (DeFi) exploit victim after attackers managed to manipulate a smart contract function on the cross-chain bridge protocol, adding that it would temporarily suspend services.
In the most recent update, the team revealed that the exploit affected 57 crypto assets on 10 blockchains, including Ethereum, BNB Chain, Polygon, Avalanche, Heco, OKX and Metis.
It did not specify how much was stolen in the attack, but PeckShield earlier reported that the exploiter had transferred out at least $5 million worth of crypto.
“We have already initiated communication with centralized exchanges and law enforcement agencies and sought their assistance,” the team stated in a July 3 update.
It also advised project teams and tokenholders to withdraw liquidity and unlock their liquidity provider tokens.
‘34 billion’ Poly Network hack breakdown
DeFi security analyst Arhat said the exploit resulted from a smart contract vulnerability that allowed the hacker to “craft a malicious parameter containing a fake validator signature and block header.”
This was accepted by the smart contract, enabling the hacker to bypass the verification process and allowing them to issue tokens from Poly Network’s Ethereum pool to their own address on other chains, such as Metis, BNB Chain, and Polygon.
The process was repeated for other chains, enabling the token stash to pile up.
At one point, the hacker’s wallet held around $42 billion worth of tokens, but they were only able to convert and steal a fraction of them, said the analyst.
“This way, the hacker was able to mint billions of tokens on various blockchains that did not exist before and transfer them to their own wallet addresses.”
Blockchain security solutions provider Dedaub dubbed the latest Poly Network exploit the “34 billion Poly Network hack.”
Getting to the bottom of the “34 billion” Poly network hack with a technical postmortem.
TL;DR
Poly network had a simple 3 of 4 multisig arrangement over 2 years!
Looking at the final event we found that the private keys to the addresses marked were compromised. pic.twitter.com/Y0eMJXcYso
— Dedaub (@dedaub) July 2, 2023
Dedaub noted weaknesses in…