Poly Network located the cause of the vulnerability. The hacker exploited a vulnerability between contract calls, not the private key lost as mentioned. We will release more information later.