The recent hack led to the creation of approximately $42 billion in malicious token issuances on PolyNetwork. However, despite the staggering value, the attackers may find their ill-gotten gains to be of limited financial benefit.
In a Sunday morning attack, hackers exploited a smart contract function within PolyNetwork's bridge tool, a cross-chain protocol, resulting in the issuance of billions of tokens. The bridge tool facilitates the seamless swapping of tokens across different blockchains by locking value on one network and unlocking it on another through a smart contract mechanism.
By manipulating the bridge's functionality, the attackers were able to deceive the system into minting tokens on one network that did not actually exist. Among the tokens minted, the attackers created over 24 billion Binance USD (BUSD) and BNB on the Metis blockchain, 999 trillion Shiba Inu (SHIB) on the Heco blockchain, and millions of other tokens on various networks like Avalanche and Polygon. As a result, the attackers' wallet initially held over $42 billion worth of tokens on paper.
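The lock-and-mint model described above implies a simple invariant a monitoring team can check: for each asset, the tokens outstanding on the destination chain should never exceed the value locked on the source chain. The following sketch is an added example, not PolyNetwork's code. The event format, the asset names and the sample data are constructed, and it assumes the events from both chains have already been merged into one final, ordered stream.

```python
from collections import defaultdict
from decimal import Decimal

# Effect of each event on (value locked on source, tokens outstanding on destination).
EFFECT = {
    ("source", "lock"): (1, 0),
    ("source", "unlock"): (-1, 0),
    ("dest", "mint"): (0, 1),
    ("dest", "burn"): (0, -1),
}

# Constructed sample events, not real PolyNetwork data.
EVENTS = [
    {"chain": "source", "type": "lock", "asset": "TOKEN_A", "amount": "1000"},
    {"chain": "dest", "type": "mint", "asset": "TOKEN_A", "amount": "1000"},
    {"chain": "dest", "type": "burn", "asset": "TOKEN_A", "amount": "200"},
    {"chain": "source", "type": "unlock", "asset": "TOKEN_A", "amount": "200"},
    # A mint with no matching lock on the source chain.
    {"chain": "dest", "type": "mint", "asset": "TOKEN_B", "amount": "24000000000"},
]

def find_unbacked(events):
    """Replay events in order; report each point where minted supply exceeds locked value."""
    locked = defaultdict(Decimal)
    outstanding = defaultdict(Decimal)
    alerts = []
    for index, event in enumerate(events):
        key = (event["chain"], event["type"])
        if key not in EFFECT:
            raise ValueError(f"unknown event at index {index}: {key}")
        amount = Decimal(event["amount"])
        if amount <= 0:
            raise ValueError(f"non-positive amount at index {index}")
        d_locked, d_outstanding = EFFECT[key]
        asset = event["asset"]
        locked[asset] += d_locked * amount
        outstanding[asset] += d_outstanding * amount
        shortfall = outstanding[asset] - locked[asset]
        if shortfall > 0:
            alerts.append({"index": index, "asset": asset, "shortfall": shortfall})
    return alerts

if __name__ == "__main__":
    for alert in find_unbacked(EVENTS):
        print(f"UNBACKED {alert['asset']}: event {alert['index']}, shortfall {alert['shortfall']}")
```

The same check also fires when value is unlocked on the source chain without a matching burn on the destination, since that leaves outstanding tokens unbacked as well.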
However, as more information about the exploit surfaced, the Metis DAO reported that there was not enough liquidity to sell the newly minted BNB and BUSD tokens. This limitation posed a significant hurdle for the attackers in converting their ill-gotten assets into tangible gains. Additionally, the developers took prompt action by locking the illicitly issued METIS tokens. Furthermore, the DAO reassured users that their funds on the Metis Andromeda platform remained unaffected and safe amidst the incident.
“All minted METIS tokens from PolyBridge have been locked on BNBChain by PolyNetwork and have limited liquidity.” – Metis DAO
Binance's CEO, Changpeng Zhao, commented on the incident, stating that the exchange remains unaffected as it does not support deposits from the Poly Network. However, Zhao emphasized that Binance's security team is actively assisting Poly in their investigation to mitigate the impact of the attack.
Meanwhile, PolyNetwork, Metis, and other affected entities are taking swift action to freeze the newly minted assets and prevent further unauthorized transactions. However, the hackers are making efforts to sell the compromised assets, with LookOnChain, a blockchain data platform, reporting multiple instances of various assets being exchanged for Ethereum (ETH) as a means to maintain liquidity for the stolen funds.
Not the First Time for Poly Network
The recent attack on Sunday is not the first security breach to impact the Poly Network. The protocol had previously experienced a similar exploit in August 2021 when hackers managed to transfer approximately $610 million USD worth of digital assets to their own wallets in what was one of the largest security breaches in DeFi history.
Following the attack, measures were taken to block the movement of the compromised assets through collaborative efforts across the industry, with the Poly Network team even reaching out to exchanges and miners for assistance in tracking and freezing the stolen tokens. Notably, Tether took action by freezing $33 million worth of USDT tokens associated with the incident.
Then, in what was an unusual twist, the Poly Network team issued a plea to the attackers in an open letter on Twitter, urging them to return the stolen tokens – and they did. Remarkably, over a span of 15 days, all the stolen assets were eventually returned to the Poly Network, marking a notable achievement in the recovery process. Shortly after the hack, the hacker stated that their intention was always to return the stolen funds, claiming that the primary purpose of the hack was to teach a lesson to the Poly Network.
These incidents serve as a stark reminder of the challenges faced by decentralized networks in safeguarding user assets and maintaining robust security measures. With the DeFi industry continuing to grow, and with billions locked in various ecosystems across the industry, that value has drawn the eyes of many. Although there is a world of new opportunities within this industry, it is crucial for developers, projects, and users to remain vigilant and implement robust security measures to protect against potential attacks.