Poly Network Exploit Damage Control Measures

Poly Network
3 min read · Jan 3, 2024

This article delves into the damage control measures undertaken by the Poly Network team in response to the exploit.

i. Losses Control

1. Shut down contracts

We immediately shut down the CrossChainManager contracts for each chain on the mainnet, so that assets held in the Lockproxy contracts could no longer be unlocked and users could no longer lock new assets. This ensured that no further assets could be affected.

2. Contact the partner teams

We reached out to the partners with affected assets, notifying them to withdraw liquidity to prevent attackers from swapping other valuable assets through liquidity pools.

3. Contact exchanges

After confirming with the relevant partner teams, we contacted exchanges to disable deposits and withdrawals for certain assets. This prevents attackers from depositing the stolen assets into exchanges, mitigating the impact on the project ecosystem.

ii. Asset Tracking

1. Security audits

Once we gained effective control over the remaining assets in the contract, we began analyzing the attackers’ transactions. We shared the attackers’ transaction data with multiple security audit projects to help identify potential vulnerabilities and monitor the attackers’ addresses.

2. Attacker identity tracking

By tracing how the attacker’s address acquired gas on-chain, we identified several related exchanges. We submitted the data to those exchanges and requested their assistance in tracking the attacker.

iii. Vulnerability Analysis

By scanning all transactions on the source and target chains across contracts and comparing cross-chain txids, we discovered that cross-chain amounts had been modified in transit. Further analysis of the cross-chain parameters and of the Poly Network Relay Chain transactions revealed that the attackers had obtained and used the private keys of Poly Network Relay Chain validators. We immediately contacted the existing validators and replaced the entire relay chain validator set with new ones.
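One way to carry out the txid comparison described above, as an added example that is not Poly Network’s own tooling: match Lock events observed on the source chain to Unlock events on the target chain by their shared cross-chain txid, and flag any pair whose asset or amount differs, any unlock with no source-side lock, and any txid unlocked twice. The event shape and all sample values are constructed for illustration.

```python
"""Reconcile source-chain Lock events against target-chain Unlock events by
cross-chain txid. Flags inflated amounts, swapped assets, unlocks with no
matching lock, and duplicate unlocks (replays)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    chain: str    # chain on which the event was observed (constructed names)
    tx_id: str    # cross-chain txid shared by the lock/unlock pair
    asset: str
    amount: int   # integer base units, as recorded on-chain


def reconcile(locks, unlocks):
    """Return a list of (tx_id, reason) findings; an empty list means consistent."""
    locks_by_id = {lock.tx_id: lock for lock in locks}
    findings, seen = [], set()
    for u in unlocks:
        if u.tx_id in seen:
            findings.append((u.tx_id, "duplicate unlock for the same txid"))
            continue
        seen.add(u.tx_id)
        lock = locks_by_id.get(u.tx_id)
        if lock is None:
            findings.append((u.tx_id, "unlock without matching lock"))
        elif u.asset != lock.asset:
            findings.append((u.tx_id, f"asset mismatch: locked {lock.asset}, unlocked {u.asset}"))
        elif u.amount != lock.amount:
            findings.append((u.tx_id, f"amount mismatch: locked {lock.amount}, unlocked {u.amount}"))
    return findings


# Constructed sample events, not real chain data.
LOCKS = [
    Transfer("source", "0xa1", "USDT", 1_000_000),
    Transfer("source", "0xa2", "ETH", 2 * 10**18),
]
UNLOCKS = [
    Transfer("target", "0xa1", "USDT", 1_000_000),       # consistent pair
    Transfer("target", "0xa2", "ETH", 2_000 * 10**18),   # amount inflated in transit
    Transfer("target", "0xa3", "ETH", 5 * 10**18),       # no source-side lock at all
]

if __name__ == "__main__":
    for tx_id, reason in reconcile(LOCKS, UNLOCKS):
        print(tx_id, reason)
```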

iv. Project Recovery

1. Change BookKeepers

After changing the validators on the Poly Network Relay Chain, we synchronized the new validator information to the CrossChainData contracts on all chains. This action rendered the old validator private keys held by the attacker completely ineffective in influencing cross-chain capabilities.

2. Recovery of unaffected chains

After we communicated with the projects on unaffected chains, some of them requested a swift recovery, and we restored cross-chain services for Switcheo, Palette, and Zilliqa.

3. Recovery of unaffected cross-chain collaborators

For projects that use Poly Network for cross-chain transfers and whose Lockproxy contracts were not attacked, we gradually restored cross-chain services, starting with Flamingo and O3swap. This included the recovery of 14 chains: Ethereum, BNB Chain, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, N3, Cube, Metis, Bitgert, Celo, KCC, and Astar.

4. Subsequent recovery

Some less affected projects are still in communication with us regarding recovery. We will continue to actively follow up and assess projects to ensure that appropriate measures are taken under secure conditions.

v. Security Reinforcement

For full details, please read our blog post: Poly Bridge Cross-Chain Security Reinforcement Solution
