As Beosin Alert reported, the decentralized finance (DeFi) platform Poly Network has suffered a serious security breach. The platform’s private keys or multi-signature service may have been compromised, which has allowed a hacker to use forged proofs to carry out unauthorized withdrawals from the platform’s cross-chain bridge contracts on multiple chains.
To understand the attack, let’s examine a specific instance involving the address 0x906639ab20d12a95a8bec294758955870d0bb5cc. The attacker began by invoking the lock function on the LockProxy cross-chain bridge contract, locking a small amount of Lever Token. The transaction details can be viewed on Etherscan at etherscan.io/tx/0x1b8f8a3883/. Note that toChainId 6 corresponds to the BNB chain, and the transaction can be verified on the Poly Network explorer at explorer.poly.network.
However, upon further investigation, it was discovered that the quantity involved in the withdrawal operation on the BNB chain did not match the original lock amount. Surprisingly, no record of this transaction was found when querying the relay chain network.
This peculiar situation raises suspicions regarding the security of signatures and keepers. Signatures play a crucial role in validating user withdrawals, and if compromised, they can enable attackers to initiate unauthorized transactions with forged signatures. At this point, it remains uncertain whether the signatures have been leaked or if the keepers responsible for signing withdrawals have been tampered with.
While scrutinizing the attacker’s use of the verifyHeaderAndExecuteTx function for withdrawal operations, it was determined that the keepers involved in the process have not been modified. This finding suggests that the compromise might lie elsewhere, prompting further investigation into the security measures of the affected systems.
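The two anomalies described above (a withdrawal amount that differs from the lock amount, and no matching record on the relay chain) are the kind of thing a bridge monitor can check automatically. The following is an added example, not code from Poly Network or from the original report; the record shapes, field names and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Lock:                 # lock event seen on the source chain (hypothetical shape)
    tx_hash: str
    to_chain_id: int
    amount: int

@dataclass(frozen=True)
class Unlock:               # withdrawal executed on the destination chain
    chain_id: int
    source_tx_hash: str     # source transaction the submitted proof refers to
    amount: int

def reconcile(locks, relay_tx_hashes, unlocks):
    """Return [(source_tx_hash, [reasons])] for withdrawals that do not reconcile."""
    locks_by_hash = {lock.tx_hash: lock for lock in locks}
    findings = []
    for u in unlocks:
        reasons = []
        lock = locks_by_hash.get(u.source_tx_hash)
        if lock is None:
            reasons.append("no matching lock on source chain")
        else:
            if lock.to_chain_id != u.chain_id:
                reasons.append("destination chain differs from lock toChainId")
            if lock.amount != u.amount:
                reasons.append("amount differs from lock amount")
        if u.source_tx_hash not in relay_tx_hashes:
            reasons.append("no record on relay chain")
        if reasons:
            findings.append((u.source_tx_hash, reasons))
    return findings

# Constructed sample data; hashes and amounts are placeholders, not from the incident.
LOCKS = [Lock("0xSRC_TX_A", 6, 1_000), Lock("0xSRC_TX_B", 6, 500)]
RELAY_TX_HASHES = {"0xSRC_TX_B"}
UNLOCKS = [
    Unlock(6, "0xSRC_TX_A", 9_000_000),   # small lock, large withdrawal, unseen by relay
    Unlock(6, "0xSRC_TX_B", 500),         # reconciles cleanly
    Unlock(6, "0xSRC_TX_C", 42),          # no lock and no relay record
]

if __name__ == "__main__":
    for tx, reasons in reconcile(LOCKS, RELAY_TX_HASHES, UNLOCKS):
        print(tx, "->", "; ".join(reasons))
```

A monitor of this kind can feed an alert or an automatic pause on the bridge when a withdrawal fails reconciliation.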
Poly Network’s security team is actively working to identify the root cause of the breach and mitigate its impact. They are collaborating with blockchain security firms, cryptocurrency exchanges, and other stakeholders to trace the flow of funds and potentially recover the stolen assets.
The incident serves as a reminder of the persistent security challenges faced by DeFi platforms and the importance of implementing robust security measures. As the industry continues to grow and attract significant investments, ensuring the protection of users’ funds and assets becomes paramount. Poly Network and other platforms are expected to intensify their efforts to enhance security protocols, conduct thorough audits, and strengthen their defenses against potential attacks.