Poly Network Exploit Damage Control Measures
This article delves into the damage control measures undertaken by the Poly Network team in response to the exploit.
i. Loss Control
1. Shut down contracts
We immediately shut down the CrossChainManager contracts for each chain on the mainnet so that the assets in the Lockproxy contracts could no longer be Unlocked and users could no longer Lock assets. This ensured that no further assets would be affected.
2. Contact the partner teams
We reached out to the partners whose assets were affected, notifying them to withdraw liquidity so that the attackers could not swap the affected assets for other valuable assets through liquidity pools.
3. Contact exchanges
After confirming with the relevant partner teams, we contacted exchanges to disable deposits and withdrawals for certain assets. This measure prevents the attackers from depositing the assets into exchanges, thereby mitigating the impact on the project ecosystem.
ii. Asset Tracking
1. Security audits
Once we gained effective control over the remaining assets in the contract, we began analyzing the attackers’ transactions. We shared the attackers’ transaction data with multiple security audit projects to help identify potential vulnerabilities and monitor the attackers’ addresses.
2. Attacker identity tracking
By tracing how the attacker’s address acquired gas on-chain, we identified some related exchanges. We submitted the data to the respective exchanges, requesting their assistance in tracking the attacker.
iii. Vulnerability Analysis
Through cross-contract scanning of all transactions on the source and target chains, we compared cross-chain txids and discovered that cross-chain amounts had been modified. Further analysis of the cross-chain parameters and of the Poly Network Relay Chain transactions revealed that the private keys of Poly Network Relay Chain validators had been exploited, confirming that the attackers had obtained the validators’ private keys. We immediately contacted the old verifiers to change the relay chain validators, replacing them all with new ones.
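The txid comparison described above, as an added illustration rather than Poly Network's own tooling: constructed source-chain lock and target-chain unlock records share a cross-chain txid, and `reconcile` flags any unlock whose amount differs from the lock that authorised it, or that has no lock at all. The event fields, names and sample values are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CrossChainEvent:
    """One leg of a cross-chain transfer as observed on a single chain."""
    txid: str    # cross-chain txid shared by the Lock and Unlock legs
    chain: str   # chain the event was observed on
    asset: str
    amount: int  # amount in the asset's smallest unit

# Constructed sample data; not real Poly Network transactions.
SOURCE_LOCKS = [
    CrossChainEvent("tx-01", "ethereum", "USDT", 1_000_000),
    CrossChainEvent("tx-02", "bsc", "ETH", 5_000),
    CrossChainEvent("tx-03", "polygon", "USDC", 250),
]
TARGET_UNLOCKS = [
    CrossChainEvent("tx-01", "bsc", "USDT", 1_000_000),      # consistent with its lock
    CrossChainEvent("tx-02", "ethereum", "ETH", 5_000_000),  # amount inflated in flight
    CrossChainEvent("tx-04", "ethereum", "USDC", 9_999),     # unlock with no source lock
]

def reconcile(locks, unlocks):
    """Compare each target-chain Unlock with the source-chain Lock sharing its txid.

    Returns a list of (txid, reason, locked_amount, unlocked_amount) findings;
    an empty list means every unlock is backed by a matching lock.
    """
    locks_by_txid = {e.txid: e for e in locks}
    findings = []
    for u in unlocks:
        src = locks_by_txid.get(u.txid)
        if src is None:
            # No source-chain Lock authorised this Unlock: the relay accepted a
            # cross-chain message that did not originate from a real Lock.
            findings.append((u.txid, "no matching lock", None, u.amount))
        elif src.asset != u.asset:
            findings.append((u.txid, "asset mismatch", src.amount, u.amount))
        elif src.amount != u.amount:
            # Same txid and asset, but the amount was changed between chains.
            findings.append((u.txid, "amount mismatch", src.amount, u.amount))
    return findings

if __name__ == "__main__":
    for finding in reconcile(SOURCE_LOCKS, TARGET_UNLOCKS):
        print(finding)
```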
iv. Project Recovery
1. Change BookKeepers
After changing the validators on the Poly Network Relay Chain, we synchronized the new validator information to the CrossChainData contracts on all chains. This rendered the old validator private keys held by the attacker useless for influencing cross-chain operations.
2. Recovery of unaffected chains
After communicating with the projects on unaffected chains, some requested a swift recovery. We restored the cross-chain services for Switcheo, Palette, and Zilliqa.
3. Recovery of unaffected cross-chain collaborators
For projects using Poly Network for cross-chain transfers whose Lockproxy contracts were not attacked, we gradually restored cross-chain services for Flamingo and O3swap. This included the recovery of 14 chains: Ethereum, BNB Chain, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, N3, Cube, Metis, Bitgert, Celo, KCC, and Astar.
4. Subsequent recovery
Some less affected projects are still in communication with us regarding recovery. We will continue to actively follow up with and assess these projects to ensure that appropriate measures are taken under secure conditions.
v. Security Reinforcement
For full details, please read our blog post: Poly Bridge Cross-Chain Security Reinforcement Solution