VERDICT —OUT OF SCOPE
Root cause is private-key / signer compromise — the on-chain contract behaved exactly as written. No pre-deployment source audit or bytecode review reaches the key-custody perimeter; this is operational-security territory (HSM/MPC hygiene, key rotation, hot-wallet isolation). Bytecode would show nothing wrong.
▰ METHOD
PRIVATE KEY
PRIVATE-KEY
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Polyhedra was exploited due to the compromise of the private keys, which resulted in a loss of 1,400,323 THENA tokens worth approximately $760,000. The contract was maliciously upgraded following the leakage of the private key of the administrator account. The exploiter swapped all of the stolen assets for 1,299 BNB tokens. According to the team, the incident resulted from intentional theft rather than a vulnerability in the contract itself. Attack method (per SlowMist): Private Key Leakage. Reported loss: $ 760,000.
Primary source
https://foresightnews.pro/news/detail/40607 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Polyhedra
- bug_class
- private-key
- date_occurred
- 2024-03-12
- loss_usd
- $760,000
- source_id
- sm:polyhedra::2024-03-12
Related — same bug class· private-key