On July 2, a hacker managed to exploit the Poly Network cross-chain protocol, issuing billions of dollars worth of coins across different blockchains. 10 billion BUSD, almost 100 million BNB, and 999 trillion SHIB were “created”. However, due to low liquidity, the attacker's actual profit amounted to just over $10 million.
The complete list of the affected coins and blockchains can be found here.
In response to the incident, Poly Network developers suspended the protocol and reached out to centralized exchanges and law enforcement agencies to assist in the investigation.
Security firm Beosin noted that the attacker's address made transfers to cover transaction fees from the Kucoin and Bybit exchanges, which could potentially provide leads for identifying the criminal.
This isn't the first security breach for Poly Network. In August 2022, hackers stole $600 million. However, they returned all the funds two weeks later.
Technical details explaining the circumstances of the incident can be found in this thread. It appears that the compromise of certain addresses controlling the protocol’s private keys played a role in the breach.
