Poly Network, a leading cross-chain bridge platform, recently fell victim to another exploit, exposing vulnerabilities within the protocol.
The attack allowed hackers to issue billions of fraudulent tokens, leading to a temporary suspension of services. However, limited liquidity and security measures hindered the hackers’ attempts to profit from their ill-gotten gains.
Details of the Exploit
The attack on Poly Network exploited compromised private keys, as confirmed by blockchain security firm Dedaub.
By manipulating a smart contract function, the hackers generated tokens across multiple blockchains, affecting 57 crypto assets on ten blockchains. Although the amount stolen remains undisclosed, the transfer of at least $5 million worth of crypto occurred.
The hacker evaded verification by manipulating a parameter, allowing the issuance of tokens from Poly Network’s Ethereum pool to their own address on different chains. The hacker accumulated a massive token stash, reaching an extraordinary value of around $42 billion. However, the hacker could only convert and steal a fraction of the total value due to limited liquidity in many tokens.
The hacker faced significant challenges monetizing their stolen tokens due to low liquidity, particularly in assets like BNB and BUSD on the Metis blockchain. Additionally, the developers locked the illicitly-issued METIS tokens on the Poly Network bridge, rendering them inaccessible.
While the hacker converted some tokens into ether (ETH), the overall financial impact remained limited.
Poly Network’s Response and Lessons Learned
Poly Network’s response to the exploit drew criticism for its delayed seven-hour reaction time, resulting in an estimated loss of $5.5 million in stolen crypto. However, the lack of liquidity in many tokens played a role in mitigating further losses.
This incident underscores the importance of timely responses and continuous enhancements to protocol security. It serves as a valuable lesson for Poly Network and the wider crypto industry to improve response procedures, strengthen security measures, and prioritize liquidity management to mitigate the impact of future exploits.
Broader Implications for the Crypto Industry
The Poly Network exploit exposes vulnerabilities present in cross-chain bridge protocols. These bridges’ centralized nature and dependence on keepers controlled by the development team raise concerns regarding fund security.
The incident also highlights the need for effective monitoring solutions, such as Dedaub Watchdog, to minimize response time and protect against potential breaches.
The Poly Network exploit is a cautionary tale, exposing vulnerabilities within cross-chain bridge protocols. Although the hackers managed to issue billions of tokens, their profit-making ability was limited due to low liquidity and security measures.