PolyNetwork Attacker Exploits Smart Contract Function, Issues "Worthless" Billions in SHIB, BNB, BUSD

PolyNetwork Attacker Exploits Smart Contract Function, Issues “Worthless” Billions in SHIB, BNB, BUSD

Attack on PolyNetwork Unleashes Billions in Malicious Tokens

In a recent crypto hack, attackers have managed to issue approximately $4 billion worth of malicious tokens on the cross-chain protocol PolyNetwork. However, due to low liquidity and security precautions, these tokens are unlikely to yield substantial profits for the perpetrators.

Dear users, we would like to inform you that Poly Network is temporarily suspending its services due to a recent attack. We are actively engaging with relevant parties and diligently assessing the extent of the affected assets. 【1/3】
— Poly Network (@PolyNetwork2) July 2, 2023

Exploiting Bridge Tool Functionality for Illicit Token Issuances

The attackers targeted PolyNetwork’s bridge tool, which enables users to swap tokens between different blockchains using a smart contract. By exploiting a smart contract function, the attackers manipulated the bridge’s operation, tricking it into issuing non-existent tokens on one network.

Tokens Minted Across Multiple Blockchains

The attackers successfully minted billions of tokens across various blockchains. Specifically, they created 24 billion Binance USD (BUSD) and BNB on the Metis blockchain, 999 trillion Shiba Inu (SHIB) on the Heco blockchain, and millions of other tokens on networks like Avalanche and Polygon. As a result, the attackers’ wallet initially held tokens worth over $42 billion on paper.

Limited Liquidity Hinders Monetization Efforts

Despite the substantial token stash, the attackers faced significant hurdles in monetizing their ill-gotten gains. Developers from Metis confirmed the absence of sell liquidity for BNB and BUSD. Additionally, the illicitly minted METIS tokens were locked on the PolyNetwork bridge by the developers, further impeding any potential monetization.

We are aware of Polybridge’s ongoing situation, and are currently in contact with the PolyNetwork team to minimize the impact of the attack and further asses the situation.

In regards to the newly minted BNB and BUSD on Metis, there is no sell liquidity available.

All funds on…
— Metis🌿 (@MetisL2) July 2, 2023

Limited Success in Token Exchange

Nevertheless, the attackers did manage to find liquidity for some of the illicitly minted tokens. Analytics firm Lookonchain reported that the attackers exchanged 94 billion SHIB tokens for 360 ether (ETH), 495 million COOK for 16 ether, and 15 million RFuel for 27 ether. The firm also noted the movement of assets and ETH to new wallets, indicating a potential intent to sell.

Conclusion

While the PolyNetwork attackers successfully issued billions of malicious tokens across different blockchains, their ability to convert these tokens into substantial profits remains severely limited due to low liquidity and security measures. The hunt for the attackers and the recovery of the stolen funds continue as the crypto community works to prevent such incidents in the future.