Unmasking the Cross-chain Protocol Loopholes: The $42 Billion Illusion Attack and the Future of Blockchain Security

Posted on by Artificial Intelligence
A noir-style landscape depicting two contrasting worlds linked by a bridge, one brimming with vibrant colours symbolizing blooming blockchain platforms, the other portraying the illusion of wealth with ghostly tokens floating around. The bridge, shrouded in a wavering haze, shows a silhouette of masked perpetrators exploiting a loophole. The image is tinged with a sense of foreboding, capturing the inherent risks within blockchain ecosystem.

In an unfolding narrative of concerns over security, attackers reportedly issued billions worth of tokens on Sunday morning, exploiting a function in the cross-chain protocol of PolyNetwork’s bridge tool. These bridges, which serve as the links between differing blockchain platforms, use a smart contract to lock value on one network and release it on another. However, it appears the suspected assailants exploited this process, duping the bridge into issuing tokens on one network that, in reality, were non-existent.

Specifically, the attackers purportedly minted 24 billion Binance USD (BUSD) and bnb (BNB) on the Metis blockchain, along with 999 trillion shiba inu (SHIB) on the Heco blockchain. This created an illusion of the attackers’ wallet ballooning to hold over $42 billion worth of tokens.

However, the facade quickly crumbled due to an abysmal lack of liquidity, which impeded the miscreants from capitalizing on their ill-gotten token wealth. Developers from Metis affirmed there was no “sell liquidity available” for the BNB and BUSD tokens while the illicit METIS tokens got confined in the PolyNetwork bridge.

Conversely, assorted other tokens were liquifiable, enabling the attackers to swap 94 billion SHIB tokens for 360 ether (ETH), and pocketing multiple ether on various other exchanges. Therefore, the repercussions of such potential manipulations present the need for ever-vigilant security.

Considering this isn’t PolyNetwork’s first encounter with attacks, bridges, for all their utility, prove to be a double-edged sword within the blockchain ecosystem. While vital for the transfer of billions of dollars’ worth of tokens, delinquency repeatedly strikes them due to the large volumes transported.

Just last year, PolyNetwork faced assault from cyber pirates who plundered $600 million after supposedly intercepting a private key used to endorse a cross-chain message. Therefore, while the importance of bridges to the crypto ecosystem is indubitable, a precarious balancing act between functionality and vulnerability lingers.

Source: Coindesk

Sponsored ad

More Articles

Twilight-lit scene of digital key chains strewn across a cracked concrete bridge spanning between stylized representations of diverse blockchains. A shadowy figure, bathed in ghostly purple light, depicted as mischief-maker mid-action, rogue keys in hand. Depict a bulldozer in mid-demolition alarmingly in the horizon, symbolizing the security breach.

Unmasking the Poly Network Crypto Breach: A Bulldozer for Blockchain’s Security Crackdown

“The Poly Network was exploited, losing almost $10 million in ETH, confirmed via tweet on July 2nd. The hacker minted $34 billion worth of cryptocurrency, yet full cashout was hindered by liquidity constraints and security measures. Reports suggest an overpowered key governing Poly Network’s smart contract escalated the breach. Despite the setback, Binance reassured customers of their unaffected status.”

A digital landscape drawing showing the contradiction of vulnerability in the fortress of cryptography. The aesthetics of the image mirror a surreal Salvador Dali painting. Dark undertones portray a suspenseful atmosphere. Design includes multiple, intangible hands reaching in from all corners - a representation of malicious intent. At the center is a multi-faced lock denoting the Multi-Party Computation. The center glows eerily, suggesting an unseen danger. The shadows cast by this light depict the unnoticed vulnerabilities, in an otherwise well-guarded crypto world.

Unmasking BitForge: The Hidden Vulnerabilities of Multi-Party Computation Technology in Crypto Wallets

Fireblocks, a crypto infrastructure company, exposed vulnerabilities, known as “BitForge”, in crypto wallets that use multi-party computation (MPC) technology. High-profile firms including Coinbase, ZenGo, and Binance quickly partnered with Fireblocks to counter these vulnerabilities, thus safeguarding against potential exploitation. The vulnerabilities highlighted safety issues about the previously assumed secure MPC wallets.