Poly Network Hack - Full Post-Mortem
Executive Summary
The Poly Network exploit drained roughly $611 million in cryptocurrency across three chains, making it the largest cryptocurrency theft on record at the time.
What Happened
On August 10, 2021, an attacker compromised Poly Network's cross-chain infrastructure and drained assets on three blockchain networks: Ethereum, Binance Smart Chain (BSC), and Polygon. The attacker never broke the keepers' signatures; they used the relay itself to replace the keepers' public keys with their own, then signed withdrawals from the asset-holding contracts.
Attacker Wallets:
• ETH: 0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963
• BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
• Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214
Technical Root Cause
The vulnerability centered on flawed access controls in Poly Network's cross-chain message relay:
1. Unrestricted Target Contracts: EthCrossChainManager.verifyHeaderAndExecuteTx verifies a Poly chain block header and Merkle proof, then executes the embedded cross-chain transaction by making a low-level call to whatever target contract the message names. Nothing restricted which contracts could be targeted.
2. Missing Access Control on a Privileged Target: The relay checked that the target was a contract, but it "forgot to prevent users from calling a very important target... the EthCrossChainData contract." EthCrossChainData stores the consensus (keeper) public keys, and its setter is guarded by onlyOwner; the owner is EthCrossChainManager, so a call relayed through the manager passes that check.
3. Function Selector Collision: Solidity dispatches on the first 4 bytes of keccak256 of the canonical function signature. The manager built its call as keccak256(method + "(bytes,bytes,uint64)"), with the method name taken from the cross-chain message, so the attacker only had to find a name whose combined signature collides with the target's selector:
• Target function: putCurEpochConPubKeyBytes(bytes) = 0x41973cd9
• Attacker's crafted input: f1121318093(bytes,bytes,uint64) = 0x41973cd9
Because the first ABI-encoded argument of the relay call is a bytes value, the target decoded the attacker's args as the new keeper key. The collision let the attacker invoke the privilege-escalation function without holding any keeper's private key.
Attack Vector / Exploit Steps
1. Identify the verifyHeaderAndExecuteTx function in EthCrossChainManager, which anyone can call with a validly relayed message
2. Craft a cross-chain transaction whose target is the EthCrossChainData contract
3. Choose a method name whose selector, after the relay appends (bytes,bytes,uint64), collides with the target's sighash (0x41973cd9)
4. Trigger execution so the manager calls putCurEpochConPubKeyBytes() and replaces the keeper public keys with attacker-controlled ones
5. With the keeper set now under attacker control, sign further cross-chain messages that release funds from the asset-holding contracts on all three chains
Affected Contracts (the asset-holding contracts drained on each chain):
• Ethereum: 0x250e76987d838a75310c34bf422ea9f1ac4cc906
• BSC: 0x05f0fDD0E49A5225011fff92aD85cC68e1D1F08e
• Polygon: 0x28FF66a1B95d7CAcf8eDED2e658f768F44841212
Financial Impact
Ethereum
• USDC: 96,389,444
• USDT: 33,431,197
• DAI: 673,227
• wETH: 26,109
• UNI: 43,023
• WBTC: 1,032
• renBTC: 14.47
• SHIB: 259,737,345,149
BSC
• USDC: 87,603,373
• BNB: 6,613.44
• BTCB: 26,629
• ETH: 299
• BUSD: 1,023
Polygon
• USDC: 85,089,610
Total Loss: ~$611,000,000
Fund Recovery
The hacker eventually announced they were "READY TO SURRENDER" and began returning stolen assets. Tether froze the roughly 33 million USDT taken on Ethereum, so those funds could not be moved.
Funds Returned (at time of writing):
• Ethereum: $2.6M
• BSC: $1.1M
• Polygon: $1M
Design Lessons
> "If you have cross-chain relay contracts like this, MAKE SURE THAT THEY CAN'T BE USED TO CALL SPECIAL CONTRACTS... Separate concerns. If your contract absolutely needs to have special privileges like this, make sure that users can't use cross-chain messages to call those special contracts."