
Poly Network Targeted in Audacious Hack, $5.5 Million Stolen

Decentralized Finance Platform Faces Security Breach as Hacker Exploits Smart Contract Vulnerability

Tue, 04 Jul 2023, 06:06 am UTC

After facing a malicious attack, the cross-chain bridge service Poly Network found itself in the spotlight. A scheming hacker devised a way to generate billions of tokens, seemingly out of nowhere, aiming to line their pockets with massive crypto profits.

The audacious assault on Poly Network, a decentralized finance (DeFi) player, happened on July 2. The assailants exploited a weakness in a smart contract function within the protocol to their advantage. As a result of this security breach, the platform had to halt services for the time being.

Further inquiries revealed that the breach affected 57 types of crypto assets across ten different blockchains, including popular ones such as Ethereum, Polygon, BNB Chain, and others. However, the exact magnitude of the theft remains uncertain. Despite this, PeckShield, a security organization, has reported that the hacker managed to move at least $5 million in cryptocurrency.

Arhat, a DeFi security analyst, pinpoints a specific vulnerability in the smart contract as the root of this issue. The attacker was able to create a spurious validator signature and block header, bypassing verification and issuing tokens from Poly Network's Ethereum pool to their personal address on alternative chains such as Metis and BNB Chain. The attacker then replicated this method on other chains, amassing a sizable cache of tokens.

The perpetrator at one point reportedly had roughly $42 billion in tokens. However, due to liquidity restrictions, they were only able to convert and steal a portion. The security firm Dedaub revealed that Poly Network's response time of seven hours resulted in a theft of $5.5 million in crypto.

After the incident, the platform sought help from centralized exchanges and law enforcement agencies. Binance CEO Changpeng Zhao clarified that Binance users wouldn't be affected, adding that his platform does not accept deposits from the affected network.

In the aftermath, Poly Network urged all project teams and stakeholders to withdraw liquidity and release their liquidity provider tokens. Meanwhile, the security firm Dedaub has labeled the incident the "$34 billion Poly Network hack."

TokenPost

<Copyright © TokenPost. All Rights Reserved. >
