Poly Chain Hack Postmortem

in crypto •  last year 

Poly Chain Hack Postmortem

On July 2nd, 2023 06:47:20 PM UTC Poly Network suffered what was initially reported to be a notional $34b hack (the actual realized amounts were far less, due to most of the tokens being illiquid). The Poly team paused their smart contracts EthCrossChainManager on several chains, most notably on Metis, BSC and Ethereum. After our team reconstructed the attack, we concluded that the root cause was not a logical bug on the smart contract, but, most likely, stolen (or misused) private keys of 3 out of 4 of Poly network's keepers (off-chain systems controlled by the team). In order to understand how the attack took place, we need to understand the architecture of Poly's cross-chain managers.

Read the article for the full grimy details.

Finally, it took Poly network 7 hours to react to today's attack, and in the meantime the attacker had orchestrated several transactions on multiple chains to exploit this.

If indeed the Poly network developers confirm the attack has to do with compromised signature keys, as is likely the case, this brings to question the suitability of centralized bridges controlling so much funds.

and... here's the sales pitch:

The attack also suggests less-than-perfect monitoring by the Poly network team of the underlying bridge. Had the protocol been set up with a fast monitoring solution, such as Dedaub Watchdog, this would have significantly reduced the reaction time and possibly saved some funds.

You can also follow the story here:

And follow the money here:

And, this made me smirk...

crypto news polynetwork exploit bridge multisig
last year by
79.37 BLURT
  • Past Payouts 79.37 BLURT
  • - Author 39.69 BP
  • - Curators 39.68 BP
11 votes $0.11
7
Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE BLURT!
Sort Order:  
  • Trending
    • [-]
      ·  last year  ·  
    61.14 BLURT
    • Past Payouts 61.14 BLURT
    • - Author 30.57 BP
    • - Curators 30.57 BP
    2 votes    $0.18
    [-]
      ·  last year  ·  

    the dead are moving...

    56.93 BLURT
    • Past Payouts 56.93 BLURT
    • - Author 28.47 BP
    • - Curators 28.47 BP
    2 votes    $0.16
    [-]
      ·  last year  ·  

    inside jobs


    whole thread interesting

    55.68 BLURT
    • Past Payouts 55.68 BLURT
    • - Author 27.84 BP
    • - Curators 27.84 BP
    3 votes    $0.16
    [-]
      ·  last year  ·  

    This didn't age well


    with the paint still wet.

    54.06 BLURT
    • Past Payouts 54.06 BLURT
    • - Author 27.03 BP
    • - Curators 27.03 BP
    2 votes    $0.16
    [-]
      ·  last year  ·  

    shillin times.

    cascading multisig would mean knowing who is awake.

    54.75 BLURT
    • Past Payouts 54.75 BLURT
    • - Author 27.38 BP
    • - Curators 27.37 BP
    4 votes    $0.16
    [-]
      ·  last year  ·  

    This is fun, from the same people at Dedaub:
    I See Dead Code
    What if I told you that over one-third of recently-deployed Ethereum smart contracts consist mostly of unusable junk?

    One issue here, will be cases where the junk may still be exploited - where the dead are resurrected.

    52.97 BLURT
    • Past Payouts 52.97 BLURT
    • - Author 26.49 BP
    • - Curators 26.48 BP
    2 votes    $0.15
    [-]
      ·  last year  ·  

    zombie contracts!

    I see dead pools.

    55.84 BLURT
    • Past Payouts 55.84 BLURT
    • - Author 27.92 BP
    • - Curators 27.92 BP
    4 votes    $0.16