PolyNetwork Hacked Possibly Due To Stealing 3/4 Of Admin’s Private Key: Report
- Security firm Dedaub reckons that three-quarters of an administrator’s private key being stolen led to the carnage on PolyNetwork.
- However, the cause could be Rug Pull or offline software running on three of the four admins was compromised.
- The Poly team has paused their EthCrossChainManager smart contract on several chains, notably Metis, BSC, and Ethereum.
Research by security firm Dedaub said that the root cause of PolyNetwork attack could be the theft of three-quarters of the administrator’s private key.
Security firm Dedaub stated in a blog post that the root cause of the attack on the PolyNetwork cross-chain interaction protocol was not a logic error in the smart contract but most likely 3/4 errors in smart contracts. Poly Administrator’s private key has been stolen or misused.
Dedaub also mentioned that it took PolyNetwork seven hours to respond to the attack, while the attacker orchestrated several transactions across multiple chains to take advantage of this. So far, there is no clear evidence that the private keys were stolen. It could be Rug Pull, or maybe offline software running on three of the four admins was compromised.
Suppose Poly developers confirm that the attack is linked to a compromised signing key. In that case, it raises questions about the applicability of a centralized cross-chain bridge that controls a lot of money.
The attack also showed less-than-perfect monitoring of the Poly group of the underlying bridge. If the protocol has been established with a rapid monitoring solution, this will significantly reduce the response time and potentially save some affected money.
It was reported yesterday that hackers had released over a dozen assets across several chains through Poly Network, worth $35 billion. The Poly team has paused their EthCrossChainManager smart contract on several chains, most notably on Metis, BSC, and Ethereum.
There are reports that the attackers have transferred more than $5 million in cryptocurrencies on chains like Ethereum.
This is not the first time PolyNetwork has been hacked. Previously on August 10, 2021, caused more than $600 million in damage, but fortunately, the amount was refunded.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu