Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The Poly Network, a cross-chain interoperability protocol, was attacked again. This attack affected 58 assets on 11 blockchains. According to SlowMist analysis, Poly Network hackers have profited over $10 million worth of mainstream assets. The attackers implanted a Trojan virus into the program compilation environment, allowing them to acquire the consensus keys of Poly Network’s Relay Chain. Subsequently, they utilized these keys to forge cross-chain transactions. The hackers implanted a Trojan horse code block during the program compilation process, obtaining and uploading consensus keys during program startup. They then employed these keys to sign the block header of the forged Poly Network’s Relay Chain, ultimately submitting the forged cross-chain transactions and block header to the target chain to execute the cross-chain exploit. Attack method (per SlowMist): Trojan horse virus. Reported loss: $ 10,000,000.
- chain
- —
- protocol
- Poly Network
- bug_class
- bridge
- date_occurred
- 2023-07-02
- loss_usd
- $10,000,000
- source_id
- sm:poly-network::2023-07-02