Poly Network Faces Massive Token Issuance Attack, Binance CEO Reassures Users

Poly Network, a protocol that facilitates interoperability across multiple blockchain networks, experienced a shocking incident of cybercrime recently.

Interoperability Platform Poly Network Suffers Massive Token Issuance Attack

In a breach over the weekend, Poly Network, an interoperability platform, fell victim to a relentless attacker who exploited the platform’s cross-chain bridge tool to create an astonishing number of tokens out of thin air.

The attacker, leveraging a vulnerability in the bridge tool, managed to generate billions of tokens that were previously nonexistent, according to Arhat, the founder of 3z3 Labs.

PolyNetwork's Cross-Chain Exploit of $34B.

The hack happened because of a smart contract vulnerability in @PolyNetwork2's cross-chain bridge tool.

Here's how it might have happened (Refer to the image below):

— The hacker crafted a malicious parameter containing a fake… pic.twitter.com/5Yf10zHy6j

— Arhat (@0xArhat) July 2, 2023

Poly Network quickly responded to the attack, suspending its services and assuring its users that their assets were being safeguarded. The platform emphasized the need for calm during this challenging time, as it diligently assessed the extent of the attack and the affected assets.

The audacity of the hacker’s exploit became evident when it was discovered that their digital wallet, at its peak, held a staggering $43 billion worth of cryptocurrency. This astronomical figure was corroborated by DeBank, a decentralized finance portfolio tracker, and confirmed by PeckShield, a renowned blockchain data and security firm.

Bridges, which enable the seamless transfer of assets between different networks, have long been coveted targets for hackers.

Similar Attacks have Happened in the Past

This attack echoes previous incidents, such as the issuance of nearly 100 million BNB and $10 billion of BUSD on the Metis layer-2 network during the Poly Network breach, as reported by Chinese crypto journalist Colin Wu.

The hacker’s exploits extended to the Heco network, where almost 100 trillion Shiba Inu coins were created, along with a significant volume of altcoins on Polygon and Avalanche.

Metis, in response to the breach on its network, assured users that the BNB and BUSD tokens issued by the hackers were essentially useless due to the lack of sell liquidity. These tokens have also been locked by Poly Network.

However, the hacker managed to convert a small portion of the stolen tokens on networks like Ethereum, where they were exchanged on decentralized platforms.

According to Arhat from 3z3 Labs, the estimated value of crypto that the attacker successfully converted amounts to approximately $400,000, rendering the remaining tokens essentially worthless due to the lack of liquidity.

Blockchain security firm SlowMist has provided an elevated assessment of the hacker’s profits. According to their report, the illicit gains amounted to more than $4 million in digital assets.

Among the converted assets were 1,500 Ethereum tokens with a value of $3 million and a staggering 93 billion SHIB coins worth approximately $700,000. These ill-gotten funds were successfully liquidated by the attacker.

Poly Network, despite its less prominent name, attracted attention in 2021 with a historic attack that constituted the largest exploit in decentralized finance at the time. A simple Google search of the platform’s name still yields results related to that infamous attack.

In that incident, Poly Network suffered a loss of $600 million, with funds drained from Ethereum, Binance Smart Chain, and Polygon. However, the project managed to partially recover from the attack by repaying affected users after the hacker returned $342 million worth of stolen crypto.

Binance CEO Assures Users Amidst Poly Network Hack

Changpeng “CZ” Zhao, the CEO of Binance, has come forward to address the recent Poly Network hack, offering important clarifications. The implications of the Poly Network attack were staggering, raising concerns about the security of decentralized finance platforms.

Contrary to popular apprehension, CZ made it clear that Binance users need not fret over the incident, as the platform does not support deposits from the affected network.

This assurance aimed to alleviate any concerns within the Binance community, reinforcing the message that their funds remained unaffected. However, despite this separation, Binance’s security team has actively engaged in aiding ongoing investigations to ensure a comprehensive resolution.

Poly Network, on the other hand, faced an immediate setback following the attack, resulting in the temporary suspension of its services. The scale of the breach prompted the company to work diligently alongside relevant parties, striving to assess the extent of the assets compromised.

As the industry grapples with the aftermath of this incident, the Poly Network hack serves as a stark reminder of the challenges faced by DeFi platforms and their users. Heightened security measures and constant vigilance have become paramount, ensuring that malicious actors find no gaps to exploit.

With the assistance of Binance’s security team and the collective efforts of industry participants, a quick resolution to this breach is anticipated, fostering renewed trust in the DeFi space.

Related

• 10 Best Bitcoin Wallets for Beginners – Store Crypto Safely
• THORChain Used in Disguising $35M Loot from Atomic Wallet Hack