CFTC Initiates Enforcement Sweep Targeting Opyn and Other DeFi Operations
Coinbase-Backed Insurance Disruptor OpenCover Launches on Layer 2 Blockchain
DeFi and Credit Risk
On Sunday morning, attackers exploited a smart contract function in the bridge tool of cross-chain protocol PolyNetwork, resulting in the issuance of several tokens worth billions.
Bridges enable users to seamlessly exchange tokens across different blockchains by leveraging smart contracts to lock the value on one network and release it on another.
The perpetrators behind the PolyNetwork attack likely employed sophisticated tactics to manipulate the functionality of the bridge, deceiving it into generating tokens on a particular network that, in actuality, had no existence.
The attackers successfully generated 24 billion Binance USD (BUSD) and BNB on the Metis blockchain, along with 999 trillion Shiba Inu (SHIB) on the Heco blockchain. Furthermore, they created millions of other tokens on different networks like Avalanche and Polygon. As a result, the attackers' wallet instantly accumulated tokens valued at over $42 billion (in theory) after the attack.
However, due to a severe lack of liquidity, the attackers were unable to convert their enormous token holdings into monetary value. The developers of Metis verified that there was no available "sell liquidity available" for the BNB and BUSD tokens, while the METIS tokens that were illicitly generated remained locked on the PolyNetwork bridge as imposed by the developers.
Nevertheless, despite the attacker's unsuccessful attempt, they managed to find a source of liquidity for various unlawfully-created tokens. As reported by analytics firm Lookonchain, the attacker successfully exchanged 94 billion SHIB tokens for 360 ether (ETH), 495 million COOK tokens for 16 ether, and 15 million RFuel tokens for 27 ether.
“We noticed that hackers are transferring assets and 1 $ETH to new wallets, most likely for sale,” Lookonchain added.
