Cross-chain bridge protocol Poly Network is still reeling this week after suffering an exploit last Sunday, which saw at least $5m worth of cryptocurrency from 10 different blockchains (including Ethereum, Avalanche and others) siphoned to the attacker’s wallet.
It was reported that at one point the attacker’s wallet actually contained an eye-watering $42bn worth of tokens, however due to the nature of the exploit, a tiny portion of this sum could actually be extracted.
The attacker used a fake validator signature to trick the platform’s smart contract into signing the transaction and, worryingly, blockchain security firms have described the exploit technique as “simple”.
While nowhere near the value of the previous hack – this is the second time that Poly Network has been exploited in the past two years.
In 2021, the network was exploited by the infamous Lazarus Group for around $610m worth of tokens – and this second exploit may be further harming the chain’s reputation.
The operators of Poly Network have advised users to withdraw their tokens for the time being – which has caused the platform’s total value locked to drop by more than 36% since the attack.
(About Poly Network)
Poly Network is a decentralized finance (DeFi) platform that facilitates interoperability between various blockchain networks. It aims to overcome the limitations of siloed blockchains by creating a seamless environment for the transfer of digital assets across different networks. One of the key features of Poly Network is its ability to enable cross-chain asset transfers without the need for a central authority. This decentralized approach ensures that users have complete control over their assets and eliminates the need for intermediaries. In 2021 however, Poly Network fell victim to a huge exploit, which saw more than $600m drained from the platform. That hasn’t stopped the platform’s development, and Poly Network remains a popular protocol.