Second Major Hack Exposes Vulnerability in Poly Network’s Security Measures.
Poly Network, a cross-chain bridge facilitating asset transfers across blockchains, fell victim to a security attack on Sunday, resulting in an attacker pocketing $10 million worth of ether. Security firm Beosin, analyzing the incident, Poly network revealed that the attacker minted 57 tokens across 10 blockchains, including Ethereum, BNB Chain, Metis, and Polygon.
The ill-gotten gains amassed by the attacker reached an estimated on-paper value of over $34 billion. However, due to a lack of liquidity in the affected chains, the actual gains were significantly lower. Only a fraction of the minted tokens, totaling approximately 5,196 ETH ($10.1 million), were exchanged for ether on Ethereum and Binance Smart Chain networks, according to Beosin’s findings.
Beosin and Dedaub security analysts hypothesized that the assault on The Network may have been made easier by stolen or defaced private keys used in the platform’s primary smart contract. Three out of the four admin wallets are connected to the project’s principal smart contract, according to their claims. The Poly Network staff has not yet addressed these allegations.
This incident marks the second major security hack faced by Poly Network. In a previous attack in 2021, $611 million worth of assets were stolen, only to be returned later, making it one of the largest crypto heists to date.
Poly Network Responds With Suspension Of Services And Collaborative Efforts
In response to the security breach, Poly Network announced the suspension of its services and initiated collaborations with centralized exchanges and law enforcement agencies to identify the attacker and recover the funds. Centralized exchanges play a crucial role in tracking suspicious activities and halting transactions related to fraudulently minted tokens.
Poly Network recommended users holding afflicted assets unlock them and recover their liquidity pool (LP) tokens associated with such assets, as well as advising affected projects to remove liquidity from decentralized exchanges (DEX). The team also made a request to the attacker, pleading with them to restore the user assets to prevent any legal repercussions.
As investigations into the incident unfold, the blockchain community closely observes the Poly Network’s response and its efforts to enhance security measures, shedding light on the importance of robust security protocols within the decentralized ecosystem.