thecoinrepublic.com
- Poly Network, a cross-chain decentralised finance (DeFi) network, was hacked on Tuesday, with the suspected hacker stealing $600 million in cryptocurrency
- The Poly team stated, they urge on miners of affected blockchains and crypto exchanges to ban tokens originating from the aforementioned addresses
- The intrusion may have been initiated by the release of a private key that was used to sign the cross-chain communication, according to BlockSec, a China-based blockchain security firm
Poly Network, a cross-chain decentralised finance (DeFi) network, was hacked on Tuesday, with the suspected hacker stealing $600 million in cryptocurrency. Poly Network is a protocol that runs on the Binance Smart Chain, Ethereum, and Polygon blockchains, and was created by the inventor of the Chinese blockchain project Neo.
The assault on Tuesday targeted each chain in turn, with the Poly team locating three addresses where stolen assets were moved. According to blockchain scanning tools, the three addresses contained more than $600 million in various cryptocurrencies at the moment Poly tweeted about the assault, including USDC, wrapped bitcoin (WBTC, +0.61%), wrapped ether (ETH, +2.39 percent), and shiba inu (SHIB).
The Poly team stated, they urge miners of affected blockchains and crypto exchanges to ban tokens originating from the aforementioned addresses. With a value of $600 million, the Poly Network hack would be one of the biggest in crypto history. Tether CTO Paolo Ardoino tweeted that the attack had resulted in a $33 million freeze. In the meantime, almost $100 million has been transferred out of the Binance Smart Chain address and put into the liquidity pool of Ellipsis Finance in the last 30 minutes. At the time of publishing, the Poly team could not be reached for comment. Poly Network was the government-backed Blockchain-based Service Network’s second Chinese interoperability standard.
The intrusion may have been initiated by the release of a private key that was used to sign the cross-chain communication, according to BlockSec, a China-based blockchain security firm. Another probable cause, according to the report, is a potential flaw in Poly’s signature mechanism, which may have been “abused” to sign the message.
According to Slowmist, a blockchain security business headquartered in China, the attackers’ first funds were in monero (XMR, +2.98 percent ), a privacy-focused cryptocurrency, which were subsequently swapped for BNB, ETH, MATIC (+15.54 percent ), and a few other tokens. After that, the attackers launched attacks on the Ethereum, BSC, and Polygon blockchains. Slowmist’s partners, including China-based exchange Hoo, backed up the findings.
Slowmist stated that, based on the movements of cash and numerous fingerprint information, it is likely a long-planned, coordinated, and well-prepared attack. In reaction to the incident, a spokesman for Binance Smart Chain told CoinDesk that as a decentralised blockchain, protocols and users on BSC must very seriously adopt security precautions.
The Poly attack has affected Ethereum, Polygon, and BSC users, according to the spokesman. Recently, a number of trustless bridges have been the target of such significant assaults, and we advocate doing security assessments and conducting essential due diligence before dealing with any projects. BSC is now working with its security partners to give as much assistance as possible to the ongoing inquiry, according to the spokesman.
The Poly Network issue demonstrates how vulnerable fledgling cross-chain protocols are to attackers. Thorchain, a cross-chain liquidity protocol, was hacked twice in two weeks in July. In May, Rari Capital, another cross-chain DeFi protocol, was hacked, resulting in the loss of approximately $11 million in ETH.
As shown by all of the exploits we’ve seen, cross-chain is a really difficult area, with the extra complexity of links with every other chain and all of their idiosyncrasies, said Ryan Watkins, a research analyst at blockchain analytics startup Messari.