Attacker Siphons $10 Million in Crypto From Poly Network – Here’s What Happened

Jai Pratap
Last updated: | 2 min read
Source: Pixabay

A hacker exploited the Poly Network over the weekend and swapped out nearly $10 million in ETH, security firm Beosin revealed.

Poly Network confirmed via Tweet on July 2nd that it became the latest victim of a DeFi exploit, enabling the hacker to mint $34 billion worth of crypto.

Poly Network, a cross-chain bridge that facilitates asset transfers across different blockchains, announced to temporarily suspend its services the following day after the hack occurred. 

The team behind the DeFi network revealed that the exploit allowed the hacker to mint 57 tokens across 10 blockchains, including Ethereum, BNB Chain, Metis, Polygon, Avalanche, Heco, and OKX.

The hacker’s wallet held over $42 billion worth of tokens following the hack on Sunday.

However, the hacker could not cash out the entire artificially minted stash because of lack of liquidity and security precautions. 

What Caused The Hack? 

The hack that occurred on Poly Network could have resulted from a theft of private keys used in the platform’s main smart contract, as per security analysts at Beosin and Dedaub.  

The security analysts don’t think that the exploit happened because of a specific vulnerability within the contract’s logic. 

The private keys for three out of the four admin wallets, which power the network’s main smart contract, were compromised, security firm alleged. 

The Poly Network team has not provided clarity on these claims yet. 

The team behind the DeFi network revealed that it was actively working with centralized exchanges and law enforcement agencies to identify the perpetrator and recover the funds as it announced to suspend its services temporarily.

Following the Poly Network hack, Binance CEO, Changpeng Zhao reassured customers it does not affect Binance users. The exchange does not support deposits from this network, he added. 

The team behind the exploited network also urged the affected projects to withdraw liquidity from decentralized exchanges and asked users holding the impacted assets to unlock them and claim back their liquidity pool (LP) tokens tied to those crypto assets.

The team also urged the hackers to return the stolen funds to avoid legal consequences. 

Second Major Exploit on Poly Network

The recent attack is the second major exploit on the Poly Network in the last 2 years. 

In August 2021, a group of hackers exploited the network’s vulnerability to steal nearly $611 million in cryptocurrencies in what is considered to be the one of the largest crypto hacks in history. 

However, the hackers returned nearly all the assets within two days of the hack. 

As per the reports, the exploit happened because of an alleged leak of a private key that was used to sign a cross-chain message.