Poly Network Exploited For Record $600 Million

Reading Time: 2 minutes
  • In the largest exploit in DeFi history, hackers exploited Poly Network that resulted in over $600 million in losses.
  • “We will take legal actions and we urge the hackers to return the assets,” the network said.
  • While it is not yet clear how the network was hacked, analysts have different opinions.

Poly Network, an interoperable between multiple chains, has been exploited for over $600 million. The network was exploited across multiple decentralized finances (DeFi) exchanges, including Ethereum, Binance Smart Chain, and Polygon.

In what emerges to be the largest exploit in DeFi history, hackers exploited Poly Network using a vulnerability among contract calls that resulted in over $600 million in losses. The full extent of the damage is yet to be identified, but it already marks the biggest hack in the history of crypto.

Poly Network revealed the bad news via a Twitter thread, calling on miners to blacklist tokens coming from the hacker’s addresses. “We will take legal actions and we urge the hackers to return the assets,” the network said.

Hackers have made off with over $250 million from BSC, more than $270 million from Ethereum, and more than $85 million in USDC from Polygon Network.

Poly Network, a cross-chain interoperability protocol, can be used to swap tokens across a number of blockchains. The network has implemented interoperability with eleven blockchains including Bitcoin, Ethereum, Neo, Ontology, BSC, HECO, OKExChain, Polygon, Elrond, Zilliqa, and Cosmos-SDK.

Following the hack, Paolo Ardoino, Chief Technology Officer at Tether, tweeted that the company has frozen approximately $33 million in USDT.

Michael Tant, business analyst at inside.com, said that people are now less worried regarding DeFi hacks. “Surprisingly, the market has not been affected much, despite $600 million being exploited, which is pretty significant. I think that is telling of the market that we are in. DeFi has survived so many individual hacks and exploits that people are less scared of their assets going to zero as a result,” he said.

How Was Poly Network Hacked?

While it was initially claimed that the network was exploited using a vulnerability in contract calls, some analysts have other opinions. Research by a BlockSec security auditor, which he stressed is not finished yet, asserts two possible options. He said:

[The theft could be the result of] either the leakage of the private key that is used to sign the cross-chain message or a bug in the signing process of the PolyNetwork that has been abused to sign a crafted message.

Mudit Gupta, an Ethereum core developer, said “the attacker got hold of at least 3 keepers and then used them to change the keepers to a single keeper.” However, SlowMist, a blockchain security team, disagreed with Gupta. “It is not the case that this event occurred due to the leakage of the keeper’s private key,” it reported.

Share