Poly Network Attacker Issues 'Worthless' Billions in SHIB, BNB, BUSD in Latest Crypto Hack

An estimated $4 billion worth of malicious token issuances on PolyNetwork will not bear much money for attackers due to low liquidity and security precautions.

AccessTimeIconJul 2, 2023 at 7:22 a.m. UTC
Updated Jul 2, 2023 at 1:42 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Attackers issued billions worth of several tokens on Sunday morning after exploiting a smart contract function in cross-chain protocol PolyNetwork’s bridge tool.

Bridges allow users to swap tokens between different blockchains using a smart contract by locking value on one network, and releasing it on another.

PolyNetwork attackers were likely able to manipulate the way the bridge works and trick it into issuing tokens on one network which, in reality, did not exist.

Attackers minted 24 billion binance usd (BUSD) and bnb (BNB) on the Metis blockchain, 999 trillion shiba inu (SHIB) on the Heco blockchain, and millions of other tokens on various other networks, such as Avalanche and Polygon. This meant the attackers’ wallet held over $42 billion worth of tokens (on paper) immediately following the attack.

But an abject lack of liquidity prevented the attackers from monetizing the gigantic token stash. Metis developers confirmed there was no “sell liquidity available” for the BNB and BUSD, while the illicitly-issued METIS tokens were locked on the PolyNetwork bridge by developers.

However, the attacker found liquidity for other illicitly-minted tokens and was able to exchange 94 billion SHIB tokens for 360 ether (ETH), 495 million COOK for 16 ether and 15 million RFuel for 27 ether, analytics firm Lookonchain said.

“We noticed that hackers are transferring assets and 1 $ETH to new wallets, most likely for sale,” Lookonchain added.

Sunday’s attack was the second time PolyNetwork had been targeted by attackers. The protocol was exploited for $600 million in August 2021 – a then record hack – after the alleged leak of a private key that was used to sign a cross-chain message. As such, bridges remain a key, yet vulnerable, part of the crypto ecosystem: They are important for enabling the transfer of billions of dollars worth of tokens between various networks but have been the topmost target for attacks and hacks in the industry’s history.

Edited by Aoyon Ashraf.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.



Read more about