Poly Network: Cross-chain Message Forgery — Privileged Contract Caller Manipulation
Poly Network lost $611M — the largest crypto hack ever at the time — when an attacker exploited a cross-chain message routing flaw to replace the bridge's keeper keys with their own, then returned every dollar days later claiming it was done "for fun."
Summary #
Poly Network suffered a Cross-chain Bridge on 2021-08-11, resulting in a loss of approximately $611M.
What happened #
Poly Network lost $611M — the largest crypto hack ever at the time — when an attacker exploited a cross-chain message routing flaw to replace the bridge's keeper keys with their own, then returned every dollar days later claiming it was done "for fun."
Linked factors #
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]