Attackers reportedly issued billions of dollars’ worth of tokens on Sunday morning by exploiting a function in the cross-chain protocol of PolyNetwork’s bridge tool. Bridges link different blockchain platforms, using a smart contract to lock value on one network and release it on another. The suspected attackers appear to have abused this process, tricking the bridge into issuing tokens on one network that did not, in reality, exist.
Specifically, the attackers purportedly minted 24 billion Binance USD (BUSD) and bnb (BNB) on the Metis blockchain, along with 999 trillion shiba inu (SHIB) on the Heco blockchain. This made the attackers’ wallet appear to hold over $42 billion worth of tokens.
However, the facade quickly crumbled because of a severe lack of liquidity, which prevented the attackers from cashing out their ill-gotten tokens. Developers from Metis affirmed there was no “sell liquidity available” for the BNB and BUSD tokens, while the illicit METIS tokens remained confined in the PolyNetwork bridge.
Other tokens, however, could be sold, enabling the attackers to swap 94 billion SHIB tokens for 360 ether (ETH) and to pocket multiple ether on various other exchanges. Incidents like this underline the need for constant vigilance over bridge security.
This isn’t PolyNetwork’s first encounter with attacks, and bridges, for all their utility, remain a double-edged sword within the blockchain ecosystem. While vital for the transfer of billions of dollars’ worth of tokens, they are repeatedly targeted because of the large volumes they carry.
Just last year, PolyNetwork was hit by attackers who stole $600 million after supposedly intercepting a private key used to endorse a cross-chain message. While the importance of bridges to the crypto ecosystem is beyond doubt, the balance between functionality and vulnerability remains precarious.
Source: Coindesk