Cointime

Cointime

Download App
iOS & Android

SharkTeam: PolyNetwork attack principles and asset transfer analysis

On July 2nd, Poly Network was attacked, and assets worth over three billion dollars were minted across multiple chains. The attacker has already profited approximately 10 million dollars. Through analysis, we have discovered that the attacker had already attempted an attack on April 28th, but it was unsuccessful at that time. On July 2nd, they carried out the attack again and succeeded. SharkTeam has analyzed the attack principles and the current fund transfer patterns employed by the hacker.

1. Analysis of Attack Principle

Take an attack transaction on Ethereum as an example

Attacker address:

0x906639ab20d12a95a8bec294758955870d0bb5cc

Attacked contract:

0x250e76987d838a75310c34bf422ea9f1AC4Cc906

Attack transactions:

0x1b8f8a38895ce8375308c570c7511d16a2ba972577747b0ac7ace5cc59bbb1c4

Attack process:

1. The attacker (0x906639ab) calls the lock function of the attacked contract (0x250e7698) to lock 0.000000000000001 LEV coins

2. Then the attacker (0x906639ab) called verifyHeaderAndExecuteTx of the attacked contract (0x250e7698), and directly extracted a large amount of LEV coins, which obviously did not match the locked amount

3. Then the attacker (0x906639ab) calls verifyHeaderAndExecuteTx of the attacked contract (0x250e7698) again to extract a large amount of LEV coins.

The root cause of the attack is that the hacker obtained the signatures of 3 of the 4 EOA accounts in the multi-signed contract, and then realized the withdrawal and additional issuance operations. Hackers are highly likely to obtain private keys or signatures through social engineering means such as phishing or APT attacks.

2. Analysis of asset transfer mode

As analyzed above, this is a long-planned attack against PolyNetwork, not an attack that exploits an accidental contract loophole. It is very different from the reason why Poly Network was attacked last year. Hackers had already implemented the exact same attack on April 28 this year, but it was not successful. The success of the attack on July 2 is probably because the hackers successfully obtained sufficient signature authority or private information during this period. key (3/4)

At present, the estimated loss due to this attack exceeds 10 million US dollars. Through the analysis of asset transfers, we found that hackers are conducting asset transfers that are well-planned and organized.

Attacker address:

0xe0Afadad1d93704761c8550F21A53DE3468Ba599

The main assets have been transferred to the following 21 Ethereum addresses after July 2 and July 3:

0xc8Ab4aa93949c377C32c069272425bd42738C42F

0x23f4CA51aa75d9d3f28888748d514173394Cc671

0xfD3E731AFf8B930337302f26EEf015CFA022b778

0x3d66756BE05b9A54138530c3e5103A7A489E7047

0x2F6C25E3c93c0FC7fdDe2Ece8e370AE152a57B82

0xB69F28D84497107c2740471926Cc258BA1B855e9

0x85ef23553eae46eE8759Ee347D2b2fb1ee99bB60

0xbf6302Cbb051e1579Fe0eE116daf708739Ca4aE6

0x21f1628F288fc54c61284CFDc8275DAf7d057118

0x6893D0DE6746ffae0CDc94916F98B03E566B67a5

0xbCAC1C15AFEA9cd5a4879c8a476BC6494d544eb6

0xe5fa7E2AEC791Da10c5D5F397c4013e7C42dDAb9

0x9D8195f3DcC357Cd0A14De2609C9bB7e82831d66

0x5979fbfe759f77287B4F8129CD3949d6bD87A9f9

0x8d62f78a18AB68C7808183609B25b29e476b3573

0x8D72F9597571b6f1BA416beFf61Ef204732446a7

0xF3066Df075eFBCa47963e8E883E4055C02B0eb8A

0x9E98612E0ABB4E2034D2dE7f23Cf56644E56F89b

0x38aD785acF804c070a2DEc73cFbf85F4C08fD913

0x211AE110E2318c7cfA9391B390E5021709218D12

0x1417ba048C1FB874b00f519D5Ef68E8955bbe729

The amount and types are relatively scattered, just to prepare for subsequent money laundering, and most of them are new addresses, with little interaction with other exchanges, so the difficulty of asset recovery this time will be relatively large. SharkTeam has monitored these asset transfer addresses, and if there is any change in the account, it will be alerted and synchronized as soon as possible.

About us

SharkTeam’s vision is to comprehensively protect the security of the Web3 world. The team is composed of experienced security professionals and senior researchers from all over the world. They are proficient in the underlying theory of blockchain and smart contracts, and provide services including smart contract auditing, on-chain analysis, and emergency response. It has established long-term cooperative relationships with key players in various fields of the blockchain ecosystem, such as Polkadot, Moonbeam, polygon, OKC, Huobi Global, imToken, ChainIDE, etc.
Official website: https://www.sharkteam.org/
Twitter: https://twitter.com/sharkteamorg
Discord: https://discord.gg/jGH9xXCjDZ
Telegram: https://t.me/sharkteamorg

SharkTeam Web3
Comments

All Comments

Recommended for you

  • US Spot Ethereum ETF Sees Net Outflow of $4.93 Million

    On June 13, according to monitoring by Trader T, the US spot Ethereum ETF experienced a net outflow of $4.93 million yesterday.

  • US Spot Bitcoin ETF Sees Net Inflow of $85.82 Million Yesterday

    On June 13, according to monitoring by Trader T, the US spot Bitcoin ETF recorded a net inflow of $85.82 million yesterday.

  • U.S. Bans Foreign Access to Fable 5 and Mythos 5; Anthropic Issues Detailed Rebuttal

    On June 13, Anthropic issued a statement announcing that the U.S. government, citing national security powers, has released an export control directive requiring the suspension of all access to the AI models Fable 5 and Mythos 5 by foreign entities, regardless of whether the individuals are within the U.S., including Anthropic employees who are foreign nationals. The practical effect of this order is that we must immediately disable access to Fable 5 and Mythos 5 for all customers to ensure compliance. Access to all other Anthropic models will not be affected. We received the government's directive at 5:21 PM (Eastern Time) today. The letter did not specify the details of its national security concerns. Our understanding is that the government believes it has become aware of a method to bypass or 'jailbreak' Fable 5. So far, the government has only provided us with verbal evidence suggesting the existence of a potential narrow, non-general jailbreak, essentially by requiring the model to read specific code libraries and fix any software defects. We are complying with the government's legitimate directive and are in the process of removing all users' access to Fable 5 and Mythos 5. However, we disagree with the conclusion that 'a narrow potential jailbreak vulnerability should be the reason to recall commercial models deployed to hundreds of millions of users.' (Jinshi)

  • Iranian Foreign Minister: Iran-U.S. Memorandum of Understanding May Be Signed in Days

    On June 13, Iranian media reported that Iranian Foreign Minister Amir-Abdollahian stated that once the final stage of negotiations between Iran and the U.S. is completed, the memorandum of understanding will be signed and announced immediately. The first phase will be signed electronically from a distance, "which may happen in the coming days." (Xinhua News Agency)

  • U.S. Officials: U.S. and Iran Close to Agreement, Signing Expected in Coming Days

    On June 13, Reuters reported that a senior U.S. official stated on Friday local time that the U.S. and Iran have not yet truly reached the finish line, but are very close to finalizing an agreement to resolve their conflicts. Washington expects to sign the agreement in the coming days. 'The negotiating team has put us in a very favorable position, but we still need to see, we haven't really reached the finish line, but we are very close,' the U.S. official said. The official noted that the agreed terms achieve a core goal of Trump. The memorandum of understanding includes the reopening of the Strait of Hormuz and the lifting of U.S. blockades on Iranian ports. Iran's highly enriched uranium will also be destroyed on-site and subsequently removed from the country. 'Iran will not gain anything from signing the memorandum or from the negotiations themselves,' the official said. 'They will receive economic rewards for fulfilling the obligations set forth in the agreement. Therefore, if they commit to handing over nuclear materials, they will gain something. If they dismantle their nuclear program or facilities, they will receive additional benefits.'

  • Iran's Foreign Ministry: Iran is Reviewing Draft Memorandum of Understanding

    On June 13, local time on the 12th, Iranian Foreign Ministry spokesperson Baghaei stated that Iran and the United States have reached an understanding on most issues, and Iran is currently in the final stages of compiling the text of the memorandum of understanding. Therefore, the previous statement by Iranian Foreign Minister Amir-Abdollahian that 'the two sides are very close to reaching an understanding' is accurate and noteworthy. Meetings of relevant decision-making bodies are ongoing, and this is a process that is being continuously advanced. To achieve a final and decisive outcome, consensus must be formed among decision-making bodies and relevant departments. Baghaei also mentioned that various speculations regarding the content of the agreement text have not been confirmed. Although specific details of the diplomatic process cannot be publicly discussed at this time, this does not mean that the public does not have the right to be informed. (CCTV News)

  • SpaceX Opens at $150 on First Day of Trading, IPO Price Set at $135

    On June 12, SpaceX opened at $150 on its first day of trading, with an IPO price set at $135.

  • Iranian Foreign Minister Claims Iran and US 'Have Never Been Closer' to Memorandum of Understanding

    On June 12, Iranian Foreign Minister Amir-Abdollahian stated on social media that Iran and the US 'have never been closer' to reaching a memorandum of understanding. He urged the media to refrain from speculating on its contents before finalization. The Iranian side will disclose all details in due course. (CCTV News)

  • BTC Surpasses $64,000

    Market data shows that BTC has surpassed $64,000, currently priced at $64,107.99, with a 24-hour increase of 2.18%. The market is experiencing significant volatility, so please ensure proper risk management.

  • Web3 data and AI company Validation Cloud completes $10 million in new round of financing

     Web3 data and AI company Validation Cloud announced a $10 million financing round from True Global Ventures. The company plans to use the funds to expand its AI products and achieve seamless access to Web3 data.

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company