Poly Network, a decentralized finance (DeFi) platform, experienced a significant breach resulting in a hacker issuing billions of tokens and potentially stealing millions of dollars. The attack targeted a smart contract vulnerability within the cross-chain bridge protocol, allowing the attacker to manipulate the system and accumulate a substantial amount of tokens.
This exploit affected 57 different cryptocurrencies across 10 blockchains, including Ethereum, BNB Chain, and Polygon. The exact amount stolen in the attack has not been disclosed, but initial reports suggest the hacker transferred at least $10 million worth of crypto.
Poly Network promptly confirmed the breach and temporarily suspended its services while initiating communication with centralized exchanges and law enforcement agencies for assistance. In response to the incident, the platform advised project teams and tokenholders to withdraw liquidity and unlock their liquidity provider tokens.
The hacker’s strategy involved crafting a malicious parameter with a fake validator signature and block header, exploiting a flaw in the smart contract.
This allowed them to bypass the verification process and issue tokens from Poly Network’s Ethereum pool to their own addresses on various other chains.
At one point, the hacker’s wallet held approximately $42 billion worth of tokens, but only a fraction of this sum was successfully converted and stolen. The breach exposed vulnerabilities in the DeFi space and raised concerns about the security of decentralized systems.
Despite the severity of the attack, the lack of liquidity in many tokens prevented further losses.Poly Network’s response time to the breach came under scrutiny, as it took seven hours for the platform to react, resulting in an estimated $5.5 million in stolen crypto.
As investigations continue, the incident serves as a reminder of the ongoing risks associated with cryptocurrency platforms and the importance of robust security measures to protect users’ funds.
