Exploit Affects 57 Crypto Assets: Poly Network Urges Users To Withdraw

• Poly Network has been exploited again, due to compromised private keys.
• Attackers managed to manipulate a smart contract function on the cross-chain bridge protocol, resulting in the transfer of around $10 million worth of crypto.
• The team has advised project teams and tokenholders to withdraw liquidity and unlock their liquidity provider tokens.

Poly Network Exploit Affects 57 Crypto Assets

The Poly Network has been exploited again, this time due to compromised private keys, according to blockchain security firm Dedaub. Further details are coming to light following a July 2 attack on cross-chain bridge platform Poly Network, with a hacker being able to issue billions of tokens out of thin air for profit.

Hacker Transfers Out At Least $5 Million Worth Of Crypto

In the most recent update, the team revealed that the exploit affected 57 crypto assets on 10 blockchains, including Ethereum, BNB Chain , Polygon, Avalanche, Heco, OKX and Metis. It did not specify how much was stolen in the attack, but PeckShield earlier reported that the exploiter had transferred out at least $5 million worth of crypto. A July 3 report from CertiK later estimated the attack led to around $10 million worth of crypto collected across five externally owned addresses.

Temporarily Suspending Services For Security Reasons

The team stated in a July 3 update that it will be temporarily suspending services for security reasons. It also advised project teams and tokenholders to withdraw liquidity and unlock their liquidity provider tokens as soon as possible: “We have already initiated communication with centralized exchanges and law enforcement agencies and sought their assistance”

Smart Contract Vulnerability Allowed Hacker To Issue Tokens From Ethereum Pool

DeFi security analyst Arhat said the exploit resulted from a smart contract vulnerability that allowed the hacker to “craft a malicious parameter containing a fake validator signature and block header” which was accepted by the smart contract bypassing verification process. This enabled them to issue tokens from Poly Network’s Ethereum pool into their own address on other chains such as Metis, BNB Chain and Polygon accumulating an impressive stash worth around $42 billion at one point though only managing transferring out some fraction of these funds before getting caught by authorities.

Blockchain Security Firm Involved In Investigation

Blockchain security firm PeckShield is involved in investigating this incident looking into exact amount stolen while also monitoring if any funds are being moved or laundered through decentralized exchanges or mixing services like Tornado Cash & Wasabi Wallet adding “We are actively coordinating with exchanges/projects/law enforcement agencies worldwide to trace back all related activities regarding this incident.”