On July 2nd, 2023, at 06:47:20 PM UTC, Poly Network suffered what was initially reported to be a notional $34b hack (the actual realized amounts were far less, due to most of the tokens being illiquid). The Poly team paused their smart contracts EthCrossChainManager on several chains, most notably on Metis, BSC and Ethereum. After our team reconstructed the attack, we concluded that the root cause was not a logical bug in the smart contract, but, most likely, stolen (or misused) private keys of 3 out of 4 of Poly Network's keepers (off-chain systems controlled by the team). In order to understand how the attack took place, we need to understand the architecture of Poly's cross-chain managers.
Read the article for the full grimy details.
Finally, it took Poly Network 7 hours to react to today's attack, and in the meantime the attacker had orchestrated several transactions on multiple chains to exploit this.
If indeed the Poly Network developers confirm the attack has to do with compromised signature keys, as is likely the case, this brings into question the suitability of centralized bridges controlling so many funds.
and... here's the sales pitch:
The attack also suggests less-than-perfect monitoring by the Poly Network team of the underlying bridge. Had the protocol been set up with a fast monitoring solution, such as Dedaub Watchdog, this would have significantly reduced the reaction time and possibly saved some funds.
You can also follow the story here:
And follow the money here:
And, this made me smirk...
brittle...
Multichain Breach Forces Circle to Freeze $63 Million in USDC
... and vulnerable.
the dead are moving...
inside jobs
whole thread interesting
This didn't age well
with the paint still wet.
shillin times.
cascading multisig would mean knowing who is awake.
This is fun, from the same people at Dedaub:
I See Dead Code
What if I told you that over one-third of recently-deployed Ethereum smart contracts consist mostly of unusable junk?
One issue here will be cases where the junk may still be exploited - where the dead are resurrected.
zombie contracts!
I see dead pools.