PolyNetwork's Cross-Chain Exploit of $40B+

Do repost and rate:

The hack happened because of a smart contract vulnerability@PolyNetwork2's cross-chain bridge tool.

Here's how it might have happened (Refer to the image below):

  • The hacker crafted a malicious parameter containing a fake validator signature and block header.
  • The fake signature was generated by using an elliptic curve algorithm that is not supported by Ethereum but was accepted by the verification function.
  • The fake block header was created by using a hash function that is different from the one used by Ethereum but was not checked by the verification function.
  • The hacker passed this malicious parameter to the "verifyHeaderAndExecuteTx" function of the "EthCrossChainManager" contract, which is supposed to verify and execute cross-chain transactions on Ethereum.
  • This function relies on another contract called "EthCrossChainData" to verify the parameter, but the hacker bypassed this verification process by exploiting the vulnerability in the verification function.
  • The hacker tricked the "EthCrossChainManager" contract into thinking that the parameter was valid and authentic & executed it without any further checks.
  • This allowed the hacker to issue tokens from PolyNetwork's Ethereum pool to their own address on other chains, such as Metis, Polygon, and BINANCE Smart Chain.
  • The hacker repeated this process for other chains that are supported by PolyNetwork, such as Heco and Avalanche, by using similar malicious parameters and exploiting similar vulnerabilities in the corresponding contracts.
  • This way, the hacker was able to mint billions of tokens on various blockchains that did not exist before and transfer them to their own wallet addresses.

At one point, the hacker’s wallet held over $42 billion worth of tokens (on paper) immediately following the hack. Impressively, despite the magnitude of this hack, the hacker was only able to convert a small portion of these tokens , which was worth about $400,000 in total.

Everything else had no liquidity and were essentially worthless.

According to @WuBlockchain

  • and 10B were issued on Metis,
  • was issued on Heco,
  • 87.5k COW, 999M , 636M STACK, 88.6M GM were issued on Polygon,
  • 378M STACK; 82.8M ; 11M SPAY, issued 89M GM on Avalanche, and
  • 8M METIS, 926M DOV, 978M SLD, and other assets were issued on BSC.

Address where the hacker sent the funds:

  • 0xfd3e731aff8b930337302f26eef015cfa022b778,
  • 0xc8ab4aa93949c377c32c069272425bd42738c42f,
  • 0x23f4ca51aa75d9d3f28888748d51417339cc671.

Thank you for reading through, and follow me here and on  for more regular post updates.

I’d also appreciate it if you shared this with your friends, who would enjoy reading this.

You can find my other research & investment thesis here: https://bit.ly/3CjMvoA

If you find this analysis useful, please consider donating to 0x34ddd9223D9DDb6B56F640824Af6FCC31e1deBF4.

Thank you.

 https://www.publish0x.com

Regulation and Society adoption

Events&meetings

Blockchain News

Ждем новостей

Нет новых страниц

Следующая новость

All content provided by the site, hyperlinks, related applications, forums, blogs, social networks and other information is taken from third-party sources and is intended for reference only. We make no warranties with respect to our content, including but not limited to accuracy and timeliness. No part of the content we provide is financial advice, legal advice or any other form of advice intended for any of your personal purpose. Any use of our content is entirely at your own risk. You should conduct your own research, review, analysis and verification of our content before relying on them. Trading is a very risky activity that can lead to large losses, so consult your financial Advisor before making any decision. No content on our site is a public offer or invitation to action.

This resource may contain 18+materials

© 2016-2024