Pierluigi Paganini
July 04, 2023
Threat actors have stolen millions of dollars worth of crypto assets from the Poly Network platform during the weekend.
The platform suspended its services due to the cyber attack to investigate the security breach and assess the extent of the incident.
Dear users, we would like to inform you that Poly Network is temporarily suspending its services due to a recent attack. We are actively engaging with relevant parties and diligently assessing the extent of the affected assets. 【1/3】
— Poly Network (@PolyNetwork2) July 2, 2023
Please remain calm and trust that we are committed to safeguarding your assets. 【3/3】
— Poly Network (@PolyNetwork2) July 2, 2023
Poly Network is a decentralized interoperability protocol that facilitates cross-chain transactions and communication between different blockchain networks. It allows the transfer of digital assets across multiple blockchains. The platform acts as a bridge between different blockchain networks, it relies on a combination of smart contracts and other technical mechanisms.
The services were suspended early Sunday and during the afternoon the company shared a Google spreadsheet showing crypto assets that have been stolen by the attackers.
As a result of the attack, 57 assets have been affected on 10 blockchains. https://t.co/Q5MudJInr9
— Poly Network (@PolyNetwork2) July 2, 2023
The major portion of the assets currently held by following addresses.
【3/7】
Binance CEO Changpeng Zhao promtly declared that the security breach did not affect Binance users.”
This does not affect @Binance users. We do not support deposits from this network. Our security team is assisting them in its investigations though. Stay #SAFU. https://t.co/0EsD5Ux6vW
— CZ 🔶 Binance (@cz_binance) July 2, 2023
The company notifies centralized exchanges and law enforcement agencies in an attempt of identifying and block fraudulent transactions. They also hope that the attacker will cooperate and return the stolen assets to avoid any potential legal consequences.
“To minimize further risks, we have reached out to the majority of project teams and urged them to promptly withdraw liquidity from decentralized exchanges. We also strongly advise users who hold the affected assets to expedite the process of withdrawing liquidity and unlocking their LP tokens.” continues the company in a series of tweets. “We also strongly advise users who hold the affected assets to expedite the process of withdrawing liquidity and unlocking their LP tokens.”
Blockchain security firm PeckShield reported that the attackers have stolen about $42 billion worth of cryptocurrency.
Hi @PolyNetwork2 , you may want to take a look:https://t.co/cmbxAsFPGLhttps://t.co/4cqVV6EryK
— PeckShield Inc. (@peckshield) July 2, 2023
The above estimation is quite different from the figures reported by other blockchain security firms, according to The Record.
This isn’t the first time that the Poly Network has been hacked, in August 2021, threat actors stole $611 million, making this hack the largest DeFi hack to date.
After the attack, the threat actor behind the hack returned a large part of the stolen crypto assets after they have received a financial reward from the platform.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, cryptocurrency)
Data Breach / November 21, 2024
