On July 2nd, Poly Network experienced an attack across 11 supported chains that has caused it to suspend its services until further notice. The attacker managed to steal approximately 5,196 ETH – a value in the range of US $10M. The Neo blockchain was not compromised in the event, and Neo has advised that all Neo assets remain secure.
As a precaution, several Neo blockchain projects, including Flamingo Finance, O3 Labs, and GhostMarket have temporarily halted their services.
An Attack on Poly Network
Poly Network announced the attack via Twitter on July 2nd. The protocol team suspended its services while engaging with relevant parties and assessing the extent of the affected assets. Poly Network further called on the support of cybersecurity professionals and the wider community in resolving the issue.
Poly Network has also initiated communication with centralized exchanges and law enforcement agencies and called on the attacker to cooperate and return the stolen user assets. It also urged project teams to withdraw liquidity from decentralized exchanges and advised users holding the affected assets to withdraw liquidity and unlock their LP tokens.
Neo Ecosystem Response
Upon news of the Poly Network attack, several projects on the Neo blockchain temporarily paused their services as the incident is being investigated and resolved.
Neo officially announced the temporary suspension of its cross-chain bridge service. It reassured users that all assets on Neo were secure and that it would closely monitor the situation and maintain communication with Poly Network.
Flamingo Finance, while investigating the potential implications of the attack, assured its community that the hack did not affect the Neo network or Flamingo itself. The only impact was the temporary pause of cross-chain functionality.
O3 Labs also temporarily suspended Poly Network-based cross-chain services within O3 Swap. It reassured users that their funds were secure and asked them to await the recovery of the cross-chain protocol.
GhostMarket took to Discord to communicate that it had paused all GM token contracts pending more information, promising to provide updates as soon as more details emerged.
As of now, Poly Network has not yet provided further information on how the attack was carried out or when the service may be resumed.
Poly Network was also the victim of an attack in October 2021, however Neo assets were similarly unaffected in the previous event.