More details are coming to light after the July 2 attack on cross-chain bridge platform PolyNetwork, which resulted in a hacker being able to issue billions of tokens off-chain for a profit.

In a Twitter post on July 2, PolyNetwork confirmed that it fell victim to the latest DeFi attack after attackers manipulated smart contract functionality on the cross-protocol protocol. chain bridge, adding that they will temporarily suspend services.

In the most recent update, the team revealed the attack affected 57 crypto assets across 10 blockchains including Ethereum, BNB Chain, Polygon, Avalanche, Heco, OKx, and others like Metis.

It did not specify how much was stolen in the attack, but Peckshield previously reported that the miner had transferred at least $5 million worth of cryptocurrency out.


“We have initiated contact with centralized exchanges and law enforcement agencies and sought their assistance,” the team said in its July 3 update.

It also advises project teams and token holders to withdraw liquidity and unlock their LP (liquidity provider) tokens.

The hack '34 billion' Poly Network DeFi security analyst @0xArhat said the exploit was the result of a smart contract vulnerability that allowed hackers to "generate a malicious parameter containing forged authentication signatures and block headers." header)”.

This has been accepted by the smart contract allowing hackers to bypass the verification process allowing them to issue tokens from the Poly Network's Ethereum pool to their own addresses on other chains, such as Metis, BNB Chain and Polygon.
This process is repeated for other chains allowing token stock to be accumulated.

At one point, the hacker's wallet contained about $42 billion in tokens, the analyst said, but was only able to convert and steal a portion of it.
“In this way, hackers were able to mint billions of tokens on various blockchains that did not exist before and transfer them to their wallet addresses.”

The latest Poly Network attack has been dubbed the "34 billion Poly Network hack" by blockchain security solutions provider Dedaub.
Dedaub noted weaknesses in the protocol's multi-signature saying that it has had a simple "3 out of 4" multi-signature arrangement for more than two years, adding:
“Looking at the last event, we found that the private keys of the marked addresses were compromised.”

Dedaub explains that the attack is not complicated because no logical errors have been exploited. It added that Poly Network was slow to respond for seven hours, costing the platform $5.5 million in stolen crypto.

Fortunately, the lack of liquidity in many tokens prevented further losses.
Following the attack, Binance CEO Changpeng Zhao reassured customers, saying, “This does not affect Binance users. We do not support deposits from this network.”

PolyNetwork was attacked once before in one of the industry's largest exploits in August 2021 when the hackers, later revealed to have links to North Korean hacking group Lazarus Group, earned more than 600 million USD.