Join Our Telegram Group

Join Our Telegram Group

Poly Network, a popular cross-chain protocol, temporarily suspended its services due to a major security breach. The incident has prompted the team behind Poly Network to collaborate with relevant parties to evaluate the extent of the asset loss caused by the attack. Preliminary investigations have shed light on the attacker’s tactics and the potential implications for affected users.

Unraveling the Attack

Accourding to @BeosinAlert During the initial analysis, it was discovered that the attacker utilized multiple addresses to withdraw funds from cross-chain bridge contracts on the Ethereum network. What’s interesting is that some of these addresses had executed cross-chain operations approximately two months before the attack took place. It was observed that each cross-chain protocol used by the attacker was directed towards a chain ID of 6, despite no activity being identified on this specific chain ID. This suggests that the attacker simply needed to stake assets on the Ethereum network to facilitate the fund withdrawals.

Examining the Attacker’s Techniques

A deeper examination of the attacker’s techniques has revealed an intriguing pattern. In certain instances, the attacker performed a single lock operation but called the verifyHeaderAndExecuteTx function twice, resulting in the withdrawal of different funds. This raises concerns about the potential forgery of proofs, indicating that the security measures implemented within the affected protocols might have vulnerabilities.

Initially, it was hypothesized that the attacker gained access to the validator’s private key, leading to the compromise of the entire network. However, this hypothesis is challenged by the fact that the attacker did not immediately extract all funds if they possessed the validator’s private key. Moreover, there would be no need to lock the funds for further withdrawal. These findings suggest that alternative methods were employed to exploit the vulnerabilities within the system.

Importance of Thorough Investigations

It is crucial to note that each wallet can only claim funds once, underscoring the need for thorough investigations to determine the exact extent of the asset loss suffered by Poly Network and its users. The team behind Poly Network has mobilized its resources to swiftly resolve the situation and minimize the impact on affected parties.

Ensuring Security and Vigilance

In the wake of this incident, it is of utmost importance for users of Poly Network and other similar platforms to exercise caution and remain vigilant regarding the security of their assets. Implementing additional layers of security, such as multi-factor authentication and regular monitoring of transactions, can significantly reduce the risk of falling victim to such attacks.


The temporary suspension of Poly Network’s services following the recent attack has brought attention to the vulnerabilities within cross-chain protocols and the need for enhanced security measures. The ongoing investigation aims to determine the extent of the asset loss and identify the motives behind the attack. As the situation unfolds, it is essential for all stakeholders to stay informed and proactively protect their digital assets in an increasingly interconnected and evolving landscape.


Get the latest crypto news today and bitcoin updates on CoinBuzzFeed. Stay up-to-date with the latest blockchain insights, expert opinions, and analysis.

Leave A Reply