{"id":81107,"date":"2023-07-03T11:49:34","date_gmt":"2023-07-03T08:49:34","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=81107"},"modified":"2025-09-11T20:59:00","modified_gmt":"2025-09-11T17:59:00","slug":"experts-call-the-34-billion-attack-the-new-poly-network-exploit","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/experts-call-the-34-billion-attack-the-new-poly-network-exploit\/","title":{"rendered":"Experts call the &#8216;$34 billion&#8217; attack the new Poly Network exploit"},"content":{"rendered":"<p>On July 2, unknown attackers targeted the Poly Network cross-chain protocol and minted tokens worth tens of billions of dollars across several blockchains. The team paused the bridge&#8217;s operations.<\/p>\n<figure class=\\\"wp-block-image\\\"><img decoding=\\\"async\\\" src=\\\"https:\/\/lh6.googleusercontent.com\/m6iKLVippdnxcw5f3qJ7kBi4DfQIVRYwpJ9t0ekXOSx27aQvD4zGdnfy4XxQhs08eBVvfYM0FdWNRfBPB3493xJPCU08Ll_NSAyV1wK8wAgXyt4-cu95xw-z_A6FnxH3Dow_zOA2LCG2uzNjSiLX_to\\\" alt=\\\"Experts call the '$34 billion' attack the new Poly Network exploit\\\"\/><figcaption class=\\\"wp-element-caption\\\">Data: <a href=\\\"https:\/\/twitter.com\/PolyNetwork2\/status\/1675384703149568001\\\">Twitter<\/a>.<\/figcaption><\/figure>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\"><p>\\n<\/p>\n<p>\u201cDear users, we would like to inform you that Poly Network is temporarily suspending its services due to the recent attack. We are actively engaging with the relevant parties and carefully assessing the extent of the affected assets,\u201d the developers said.<\/p>\n<p>\\n<\/p><\/blockquote>\n<p><a href=\"https:\/\/u1f987.com\/en\/news\/what-are-cross-chain-bridges\">Cross-chain bridges<\/a> allow transferring tokens between networks, locking assets in one and issuing in another. Supposedly, the hackers manipulated the smart contract that executes the operations.<\/p>\n<p><a href=\"https:\/\/u1f987.com\/en\/news\/what-is-a-multisignature-what-is-a-ring-signature\">multisignature<\/a> addresses were used to control the smart contract. The attackers minted 10 billion BUSD and 100 million BNB (~$24.5 billion at the time) on Metis, 999 trillion SHIB on Heco and millions of tokens on other networks.<\/p>\n<p>According to a preliminary <a href=\\\"https:\/\/docs.google.com\/spreadsheets\/d\/1NK1v-hvaPKQviZqowtwwOm3swF0vNNN_vhFivbmRTqs\/edit#gid=1942611831\\\">assessment<\/a> by the Poly Network team, the incident affected 57 different tokens across 10 blockchains.<\/p>\n<p>According to <a href=\\\"https:\/\/twitter.com\/peckshield\/status\/1675307222727786497\\\">PeckShield<\/a>, at one point the hackers&#8217; wallets held assets totaling $42.8 billion.<\/p>\n<figure class=\\\"wp-block-image\\\"><img decoding=\\\"async\\\" src=\\\"https:\/\/lh5.googleusercontent.com\/GCS2G7rqKcGvORueV_pno8ldb9KuuCVtgjl-zeTdPJi4ItZkVro7010ZRSKaIZtemDLgiMS-Dwz7kL0ucjRiEUsg7Digswe5F2P7fRz4zxYOQatQqY-qRgF5V2UwE6gJkD14oEp5v0MVsequYcumPSw\\\" alt=\\\"Experts call the '$34 billion' attack the new Poly Network exploit\\\"\/><figcaption class=\\\"wp-element-caption\\\">Data: <a href=\\\"https:\/\/twitter.com\/dedaub\/status\/1675516729349292032\\\">Twitter<\/a>.<\/figcaption><\/figure>\n<p>Experts note that the protocol team had used for two years a simple 3-of-4 multisig scheme.<\/p>\n<p>Dedaub also noted that the Poly Network developers did not respond to the attack for seven hours. This allowed the hackers to sell assets worth about $5.5 million. A lack of sufficient liquidity across networks prevented a larger payoff.<\/p>\n<p>The Metis team confirmed that, for this reason, the attackers had no way to realise the issued BUSD and BNB worth about $34.5 billion.<\/p>\n<figure class=\\\"wp-block-image\\\"><img decoding=\\\"async\\\" src=\\\"https:\/\/lh4.googleusercontent.com\/atRBByWPkHwYxHcxMRwOGbxztXgQO8gjiag4bSwBP5r7yQlIl_niZyaKcaP0fgx56IXLzf0dQfuW6hevPA6ip4nUC0EZgkGxKqWAB-ywjZiALb5WVtrarNGiv-oD_GGzKk_Gwt3XY1odK4bcAR57DBg\\\" alt=\\\"Experts call the '$34 billion' attack the new Poly Network exploit\\\"\/><figcaption class=\\\"wp-element-caption\\\">Data: <a href=\\\"https:\/\/twitter.com\/MetisDAO\/status\/1675347320588718080\\\">Twitter<\/a>.<\/figcaption><\/figure>\n<p>In August 2021, unknown attackers hacked Poly Network and <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-stole-611-million-from-the-poly-network-cross-chain-protocol\">withdrew $611 million<\/a> in various cryptocurrencies. Over the course of a month the hackers <a href=\"https:\/\/u1f987.com\/en\/news\/poly-network-recovers-611-million-stolen-in-hack\">returned all funds to the protocol<\/a> and even <a href=\"https:\/\/u1f987.com\/en\/news\/poly-network-hacker-threatens-to-delay-full-return-of-funds\">the reward paid to them<\/a> of 160 ETH (~$500,000 at the time).<\/p>\n<p>In the first half of 2023, the crypto industry <a href=\"https:\/\/u1f987.com\/en\/news\/report-crypto-industry-losses-from-hacks-and-scams-total-655-million-in-six-months\">lost about $655.6 million<\/a> due to hacks and fraud.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On July 2, unknown attackers targeted the Poly Network cross-chain protocol and minted tokens worth tens of billions of dollars across several blockchains. The team paused the bridge.<\/p>\n","protected":false},"author":1,"featured_media":81108,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,2231],"class_list":["post-81107","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-poly-network"],"aioseo_notices":[],"amp_enabled":true,"views":"30","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/81107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=81107"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/81107\/revisions"}],"predecessor-version":[{"id":81109,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/81107\/revisions\/81109"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/81108"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=81107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=81107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=81107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}