The attackers manipulated nearly 57 assets across 10 different blockchains and created nearly $42 billion in tokens immediately after the attack.
On Sunday morning, July 2, attackers issued tokens worth billions of dollars on the Poly Network by exploiting a smart contract function in the cross-chain protocol Poly Network’s bridge tool.
As bridges allow swapping tokens across different blockchains, bridge attacks have been quite popular in the DeFi space. These bridges perform swaps by using a smart contract and locking value on one network while releasing it on the other.
As per 3z3 Labs founder Arhat, the attacker exploited a vulnerability in the cross-chain bridge protocol of Poly Network. This allowed the attacker to create massive amounts of tokens out of thin air.
The team behind the Poly Network acknowledged that they have been under attack. On Sunday, July 2, the Poly Network also informed the users their services have been suspended and they are assessing the scope of the attack. The official announcement from Poly Network reads:
“As we continue to address this situation, we regret to inform you that our services will remain temporarily suspended. We kindly request the assistance of cybersecurity professionals and individuals with relevant knowledge. If you possess any information that could aid us in this endeavor, we encourage you to actively contact us.”
Poly Network Attackers Minted 57 Assets
As per reports, the hackers of Poly Network minted a total of 57 assets across 10 different blockchains. The attackers created a large number of Binance USD (BUSD) and BNB tokens on the Metis blockchain, as well as a massive amount of Shiba Inu (SHIB) tokens on the Heco blockchain.
They also generated millions of other tokens on different networks like Avalanche and Polygon. As a result, the attackers’ wallet appeared to have a value of over $42 billion in tokens immediately after the attack.
However, the attackers were unable to convert a large number of tokens into money due to a severe shortage of available buyers. The developers of Metis stated that there was no market for selling the BNB and BUSD tokens. Additionally, the illicitly-created METIS tokens were locked on the PolyNetwork bridge by the developers, preventing their use or sale.
However, the attackers managed to find buyers for other tokens they created illegally. They exchanged 94 billion SHIB tokens for 360 ether (ETH), 495 million COOK tokens for 16 ether, and 15 million RFuel tokens for 27 ether, according to analytics firm Lookonchain. “We noticed that hackers are transferring assets and 1 $ETH to new wallets, most likely for sale,” Lookonchain added.