Poly Network, the Decentralized Finance (DeFi) platform which recently fell victim to a major exploit has seen its attackers making off with a staggering $10 million.
According to data released by security firm Beosin on twitter, the exploit occurred when an unknown attacker identified a vulnerability in the code of the Poly Network platform. The attackers have exploited forged proofs to initiate withdrawal operations on the cross-chain bridge protocol, making use of several chains.
@PolyNetwork2 exploiter has swapped a total of 5,196 $ETH (~$10.1M) on Ethereum.
Other tokens (~$260 million) may not be cashed out by the attacker due to low liqudity.
The fees for these addresses on Ethereum are from @Bybit_Official, @kucoincom, @FixedFloat, @ChangeNOW_io pic.twitter.com/rTxIvY993P
— Beosin Alert (@BeosinAlert) July 3, 2023
Per a report from the Poly Network team, this vulnerability allowed the attackers to manipulate the system, transfer funds, and mint different amounts of 57 tokens across different blockchains. The Poly Network team also noted that the attacker took advantage of this flaw and swiftly moved funds from Ethereum (ETH), Metis, BNB Chain, Avalanche, OKX, and Polygon to their wallets, although the specific amount stolen was not mentioned.
Poly Network Responds to the Attack
Meanwhile, the Poly Network team was quick to respond to the attack, issuing a statement acknowledging the incident and urging the attacker to return the stolen funds to avoid any potential legal consequences.
In response to the incident, Poly Network assured its users that it will continue to address the situation, although the platform also announced the suspension of its services pending when the situation is placed under full control. The firm also requested the help of any cybersecurity experts on Twitter and individuals with relevant knowledge that could help solve the incident, to reach out as soon as possible.
We kindly request the assistance of cybersecurity professionals and individuals with relevant knowledge. If you possess any information that could aid us in this endeavor, we encourage you to actively contact us.
【2/7】— Poly Network (@PolyNetwork2) July 2, 2023
Likewise, the DeFi company advised users who are in possession of the affected assets to hasten up the process of withdrawing liquidity and unlocking their liquidity pool (LP) tokens.
Recall that this is not the first time the protocol is experiencing a major attack on its platform. In 2021, Poly Network announced that its platform had been hacked for $611 million. According to reports, the stolen assets include $272 million in Ethereum’s ERC20 tokens, 6,610 BSC- based tokens worth over $252 million, roughly $85 million in USDC tokens on the Polygon network, and $33 million worth of USDT (Tether).
Undoubtedly, the interoperability platform attack serves as a wake-up call for the entire DeFi ecosystem. It highlights the urgent need for stronger security measures and thorough audits of smart contracts. It is crucial for developers and platform operators to prioritize security and ensure that their systems are robust enough to withstand potential attacks.
