According to blockchain security company Dedaub, the Poly Network has once again been hacked, this time because of stolen private keys.
Following a July 2 attack on the cross-chain bridge platform Poly Network, which allowed a hacker to create billions of tokens out of thin air for profit, more information is becoming available.
The cross-chain bridge protocol’s smart contract function was successfully manipulated by an attacker, and on July 2, Poly Network announced that it was the latest DeFi exploit victim and that services would be temporarily terminated in a statement on Twitter.
In their most recent update, the team revealed the vulnerability targeted 57 crypto assets across 10 blockchains, including Ethereum, BNB Chain, Polygon, Avalanche, Heco, OKx, and other platforms like Metis.
Although it wasn’t made clear how much was taken in the attack, Peckshield had earlier claimed that the exploiter had sent at least $5 million worth of cryptocurrency out.
In a July 3 statement, the team said, “We have already initiated communication with centralized exchanges and law enforcement agencies and sought their assistance.”
Additionally, it recommended token owners and project teams unlock their LP (liquidity provider) tokens and withdraw liquidity.
The exploit, according to DeFi security analyst was caused by a smart contract flaw that gave the hacker the opportunity to “craft a malicious parameter containing a fake validator signature and block header.”
By accepting this, the hacker was able to avoid the verification process and issue tokens from the Ethereum pool of Poly Network to their own addresses on other chains like Metis, BNB Chain, and Polygon. Other chains went through the same procedure, which allowed the token stockpile to grow. The hacker’s wallet once included tokens valued at about $42 billion, but he or she was only able to convert and take a portion of them, according to the expert.
Blockchain security solutions vendor Dedaub has termed the most recent Poly Network exploits as the “34 billion Poly Network hack.”
Dedaub pointed out the flaws in the protocol’s multi-signature system by claiming that it used a straightforward “3 of 4” multi-signature setup for two years, adding: “Looking at the final event, we found that the private keys to the addresses marked were compromised.”
Since there were no logic flaws exploited, Dedaub noted, the attack wasn’t particularly sophisticated. The site lost $5.5 million in cryptocurrency theft as a result of Poly Network’s seven-hour response delay, it was noted. Fortunately, the low level of liquidity in many of the tokens prevented additional losses.
After the incident, Changpeng Zhao, CEO of Binance, reassured users, saying, “This does not affect Binance users. We do not support deposits from this network.”
In August 2021, The Poly Network was subjected to one of the largest hacks in the business, during which hackers stole over $600 million and were later identified as being a part of the Lazarus Group, a North Korean hacking gang.
#PolyNetwork #Blockchain #Cryptonews
