The initial analysis of the PolyNetwork Hack

Transaction and call trace

  • 0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963: Attacker
  • 0x838bf9e95cb12dd76a54c9f9d2e3082eaf928270: EthCrossChainManager
  • 0xcf2afe102057ba5c16f899271045a0a37fcb10f2: EthCrossChainData
  • 0x250e76987d838a75310c34bf422ea9f1ac4cc906: LockProxy
  • 0x5a51e2ebf8d136926b9ca7b59b60464e7c44d2eb: managerProxyContract for LockProxy
  • d450e04c (verifyHeaderAndExecuteTx)
  • 69d48074 (getCurEpochConPubKeyBytes)
  • 5ac40790 (getCurEpochStartHeight)
  • 0586763c (checkIfFromChainTxExist)
  • e90bfdcf (markFromChainTxExist(uint64,bytes32))

The main process of the attack

Function: verifyHeaderAndExecuteTx:




  1. The attacker provides a valid signed message to the function verifyHeaderAndExecuteTx
  2. The onlyManagerContract modifier in the LockProxy smart contract is NOT bypassed.
  1. The attacker may have the legitimate keys to sign the messages, which indicate the signing keys may have been leaked.




A Blockchain Security and Data Company.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Walking the privacy tightrope across the Atlantic

AXS Grave Incoming

{UPDATE} ましろウィッチ Hack Free Resources Generator

How to win the jackpot of NXDF

10 Hacking Tools You Think Would be Illegal But are for Sale Online

Xiden Blockchain | Device Integration. Validator & Booster Roles. Monetizing IoT

JSON Web Token based Authentication — JWT

Introduction to IoT Hardware Hacking

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


A Blockchain Security and Data Company.

More from Medium

Reverse Engineering on CryptoCars GameFi

How to Make the BlockChain Attack “Blockable”

Beosin’s Full Analysis of Build Finance’s Governance Takeover Incident: the Hacker Has Profited…

Why does Olympus DAO work