Two years after suffering a $611 million hack, the Poly Network bridge is once again being robbed of funds. The protocol has closed its platform to its users and is trying to block the attacker’s assets by any means necessary. Fortunately, thanks to a lack of liquidity, the losses incurred by the attack are less. We take stock of the situation.
Poly Network suffers another hack
On Sunday, the cross-chain bridge deployed by Poly Network was targeted by a hacker. As a result, the platform dedicated to the exchange of cryptocurrencies between different blockchains has suspended its services indefinitely
Dear users, we would like to inform you that Poly Network is temporarily suspending its services due to a recent attack. We are actively engaging with relevant parties and diligently assessing the extent of the affected assets. 【1/3】
– Poly Network (@PolyNetwork2) July 2, 2023
Dear users, we would like to inform you that Poly Network is temporarily suspending its services due to a recent attack. We are actively working with the parties involved and are diligently assessing the extent of the assets affected. “
According to the latest information, 57 cryptocurrencies are affected by the attack, all scattered across 10 different blockchains. This includes the Polygon, Avalanche, Ethereum and BNB Chain networks to name but a few.
Where did the hack originate? A function in the smart contract hosting the cash was exploited to create new tokens that, in reality, do not exist in the protocols issuing the cryptocurrencies concerned.
In theory, the thieves created new tokens now worth more than $42 billion, more than half of which is in BNB and BUSD. However, due to a lack of liquidity on the platform, the hacker’s profits have plummeted. He left with $5.5 million in his pocket.
To avoid any spillover from the hack that could cause further losses, Poly Network is advising its teams and cryptocurrency holders to withdraw their cash. At the same time, the protocol says it is in correspondence with legal authorities to push the hacker to come to terms :
“We have already initiated communication with centralized exchanges and law enforcement agencies to solicit their assistance. We hope the attacker will cooperate and return the assets to avoid any potential legal consequences. “
Previous $600 million hack
One of the priorities of Web3 applications is to be able to guarantee the security of their users’ funds while ensuring the transparency of their protocols. As a result, great importance is attached to the fight against hackers.
In the past, Poly Network has failed in this mission: by having 611 million dollars stolen during an attack in August 2021, the protocol suffered, at the time, the biggest financial loss of Web3 following a hack.
A few days after the operation, the attacker returned the stolen funds in full. For its part, the protocol dropped all charges against it. He will receive a $500,000 bonus as a reward, as well as a job as an IT security adviser for the company behind the protocol.
At the time of writing, the hack that has stolen the most funds is that of Ronin Network. The sidechain dedicated to the Axie Infinity game had suffered a loss of 624 million dollars, once again through a bridge.
