Attackers were likely able to manipulate the way the bridge works and trick it into issuing tokens on one network which, in reality, did not exist, and Sunday’s attack was the second time PolyNetwork had been targeted by attackers, are two of the key takeaways from Sunday morning’s attack on the cross-chain protocol PolyNetwork’s bridge tool. Attackers were able to mint 24 billion Binance USD (BUSD) and BNB (BNB) on the Metis blockchain, 999 trillion Shiba Inu (SHIB) on the Heco blockchain, and millions of other tokens on various other networks, such as Avalanche and Polygon. This meant the attackers’ wallet held over $42 billion worth of tokens (on paper) immediately following the attack.
However, the attacker found liquidity for other illicitly-minted tokens and was able to exchange 94 billion SHIB tokens for 360 Ether (ETH), 495 million COOK for 16 Ether and 15 million RFuel for 27 Ether, according to analytics firm Lookonchain. The lack of liquidity for the BNB and BUSD tokens meant they were locked on the PolyNetwork bridge by developers.
The attack is the second time PolyNetwork has been targeted by attackers, with the protocol being exploited for $600 million in August 2021. Bridges remain a key, yet vulnerable, part of the crypto ecosystem, as they are important for enabling the transfer of billions of dollars worth of tokens between various networks but have been the topmost target for attacks and hacks in the industry’s history.