Share this article
Poly Network Attacker Issues 'Worthless' Billions in SHIB, BNB, BUSD in Latest Crypto Hack
An estimated $4 billion worth of malicious token issuances on PolyNetwork will not bear much money for attackers due to low liquidity and security precautions.
Updated Jul 2, 2023, 1:42 p.m. Published Jul 2, 2023, 7:22 a.m.
Attackers issued billions worth of several tokens on Sunday morning after exploiting a smart contract function in cross-chain protocol PolyNetwork’s bridge tool.
Bridges allow users to swap tokens between different blockchains using a smart contract by locking value on one network, and releasing it on another.
STORY CONTINUES BELOW
PolyNetwork attackers were likely able to manipulate the way the bridge works and trick it into issuing tokens on one network which, in reality, did not exist.
Attackers minted 24 billion binance usd (BUSD) and bnb on the Metis blockchain, 999 trillion on the Heco blockchain, and millions of other tokens on various other networks, such as Avalanche and Polygon. This meant the attackers’ wallet held over $42 billion worth of tokens (on paper) immediately following the attack.
But an abject lack of liquidity prevented the attackers from monetizing the gigantic token stash. Metis developers confirmed there was no “sell liquidity available” for the BNB and BUSD, while the illicitly-issued METIS tokens were locked on the PolyNetwork bridge by developers.
All minted METIS tokens from PolyBridge have been locked on BNBChain by PolyNetwork and have limited liquidity.
— Metis 🌿 (@MetisDAO) July 2, 2023
However, the attacker found liquidity for other illicitly-minted tokens and was able to exchange 94 billion SHIB tokens for 360 ether , 495 million COOK for 16 ether and 15 million RFuel for 27 ether, analytics firm Lookonchain said.
“We noticed that hackers are transferring assets and 1 $ETH to new wallets, most likely for sale,” Lookonchain added.
Sunday’s attack was the second time PolyNetwork had been targeted by attackers. The protocol was exploited for $600 million in August 2021 – a then record hack – after the alleged leak of a private key that was used to sign a cross-chain message. As such, bridges remain a key, yet vulnerable, part of the crypto ecosystem: They are important for enabling the transfer of billions of dollars worth of tokens between various networks but have been the topmost target for attacks and hacks in the industry’s history.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
New React bug that can drain all your tokens is impacting 'thousands of' websites
Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
What to know:
- A critical vulnerability in React Server Components, known as React2Shell, is being actively exploited, putting thousands of websites at risk, including crypto platforms.
- The flaw, CVE-2025-55182, allows remote code execution without authentication and affects React versions 19.0 through 19.2.0.
- Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
Top Stories
