Poly Network Suffers $611 Million Attack

Hackers stole $611 million from cross-chain protocol Poly Network

By The Glitcher | The Glitcher | 10 Aug 2021



What is Poly Network?

Poly Network was built to provide interoperability between multiple blockchains, as next-generation infrastructure. Public blockchains connect to Poly Network and communicate with other blockchains through it. Poly Network has already integrated Bitcoin, Ethereum, Neo, Ontology, Elrond, Zilliqa, Binance Smart Chain, Switcheo and Huobi ECO Chain. It is used for swapping tokens between multiple public blockchains.


The Attack and the cause

The official Poly Network handle tweeted that #PolyNetwork was attacked on @BinanceChain, @ethereum and @0xPolygon.

The stolen assets are $273 million of Ethereum tokens, $253 million on Binance Smart Chain and $85 million in USDC on the Polygon network.

Ethereum Address - https://etherscan.io/address/0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963

Binance Chain Address - https://bscscan.com/address/0x0d6e286a7cfd25e0c01fee9756765d8033b32c71

Polygon address - https://polygonscan.com/address/0x5dc3603C9D42Ff184153a8a9094a73d461663214

Poly Network has completed its preliminary investigation of the hack and located the cause of the vulnerability.

The exploit was not caused by a single keeper (keepers are utility actors that maintain the blockchain network); instead, the hacker exploited a vulnerability between contract calls. Cross-chain smart contract calls distribute computing, storage, network resources and ecology among blockchains.

The cause of the hack was abuse of cross-chain contract calls.


Next steps

Tether froze 33M $USDT in relation to the hack, as tweeted by Tether's CEO.

About one hour after Poly announced the hack on Twitter, the hacker tried to move assets including USDT through the Ethereum address into liquidity pool Curve.fi and the transaction was rejected.

Meanwhile, close to $100 million has been moved out of the Binance Smart Chain address and deposited into liquidity pool Ellipsis Finance.

According to another China-based blockchain security firm, SlowMist, the attackers’ original funds were in Monero (XMR), a privacy-centric cryptocurrency, and were then exchanged for BNB, ETH, MATIC and a few other tokens before the attack.


Poly Network also called upon miners and crypto exchanges to block transactions coming from the above-mentioned addresses.


Attacker's Message

 

In this transaction, https://etherscan.io/tx/0x552bc0322d78c5648c5efa21d2daa2d0f14901ad4b15531f1ab5bbe5674de34f, the hacker sent the following message:

IT WOULD HAVE BEEN A BILLION HACK IF I HAD MOVED REMAINING SHITCOINS! DID I JUST SAVE THE PROJECT?
NOT SO INTERESTED IN MONEY, NOW CONSIDERING RETURNING SOME TOKENS OR JUST LEAVING THEM HERE



The hack that Poly Network suffered is the largest DeFi hack since it accounts for over 58.2% of the market cap of all decentralized finance tokens.

These attacks show that cross-chain protocols are vulnerable to attacks. Similar cross-chain protocols Rari Capital and THORChain were also exploited, losing $11 million in ETH.

P.S.: Poly Network and Polygon (MATIC) are not the same.


New Update - August 11th, 2021

The hacker sent two transactions to his own wallet, with messages saying that he is ready to return the funds and asking Poly Network to arrange a multisig wallet for him.

"Return the funds" transaction message - https://etherscan.io/tx/0x7b6009ea08c868d7c5c336bf1bc30c33b87a0eedd59dac8c26e6a8551b20b68a


Transaction asking for a multisig wallet - https://etherscan.io/tx/0x79245fb1d1ae48a214118e25d6ad2f9324f514ec6708135a19ba9d4cfa6344f6



Thanks for reading.
