Poly Network Advises Immediate Asset Withdrawal Post Breach
Summary: Poly Network was the latest victim of a DeFi hack, where hackers exploited a smart contract feature, compromising 57 crypto assets across 10 blockchains. The attacker took at least $5 million in cryptocurrency. The team is urging project teams and token holders to access liquidity and withdraw funds.
After an assault on the cross-chain bridge platform Poly Network on July 2, more information is emerging about how a hacker was able to create billions of tokens easily for financial gain. Poly Network said on Twitter on July 2 that it has become the latest victim of the DeFi hack after attackers exploited a smart contract feature on the cross-chain bridge protocol.
57 Different Crypto Assets Compromised
The most recent report from the team said that 57 different crypto assets across 10 different blockchains were compromised due to the vulnerability. It did not say how much was taken, but PeckShield had said the exploiter had taken at least $5 million in cryptocurrency.
The team recently tweeted:
“We have already initiated communication with centralized exchanges and law enforcement agencies and sought their assistance.”
It also urged project teams and token holders to access their LP (liquidity provider) tokens and withdraw liquidity. According to @0xArhat, a DeFi security expert, the attack took advantage of a flaw in the smart contract that enabled the hacker to “craft a malicious parameter containing a fake validator signature and block header.”
The smart contract approved this, letting the hacker issue tokens from Poly Network’s Ethereum pool to their own address on other chains including Metis, BNB Chain, and Polygon without going through the usual verification procedure.
Billions of Tokens Minted
Tokens were able to accumulate since this procedure was repeated for many chains. The researcher estimates that the hacker’s wallet possessed $42 billion at one time, but that the hacker was only able to convert and take a small percentage of those tokens. The hacker minted billions of tokens on blockchains that did not previously exist, and then sent them to own private wallet addresses.