Poly Network — Roadmap for the Next Phase

Published in

Poly Network

3 min readAug 14, 2021

Asset security is the sword of Damocles that hangs over the entire crypto industry, and it is truly unfortunate that a system vulnerability within the Poly Network has come forward in this way. We, the entire Poly team, would like to express our deepest apologies to all our users. Meanwhile, the team has received support, cooperation, and assistance from various parties in the process of handling the situation after the incident happened. We would like to express our sincere gratitude to these institutions for sticking with us in ensuring and maintaining asset security.

Tether, DiscusFish, Binance,Huobi, Hoo.com, Bibox, Okex, FTX, BSC, Heco, Polygon, SlowMist, PeckShield, Circle, WBTC, MetaMask

With the aim of ensuring complete, safe, and smooth asset recovery, we would like to briefly share Poly Network’s roadmap for resuming operations and fully recovering user assets in the coming phases.

1. Patching Vulnerabilities

At the time of this announcement, we have completed the necessary fixes, and have started working with multiple security and audit groups to go over the entirety of the code in which vulnerabilities were found. We also plan on launching a new global bounty program to encourage more security agencies and white hat organizations to participate in the audit of Poly Network’s core functions.

This is the PR to fix vulnerability https://github.com/polynetwork/eth-contracts/pull/12/files

PeckShield：https://peckshield.medium.com/polynetwork-bug-review-and-patch-analysis-88bde8441297

BlockSecTeam：https://blocksecteam.medium.com/the-informal-security-review-of-the-patch-of-the-poly-network-1a0a532b731e

2. Mainnet Upgrade

For security reasons, we will resume operations with a mainnet upgrade and restore the basic cross-chain functions post-audit at the earliest, while postponing the activation of other advanced functionality.

3. Project Launch

After receiving the audit reports, we will gradually restore the cross-chain service for all the projects that are part of the Poly Network. The first set of projects for whom cross-chain channels will be resumed fall in the following two categories.

a. Newly launched projects, i.e., projects that have completed testing on the Poly testnet and have not been affected by this incident. We will get in touch with these projects individually and get started with testing.

b. Uninfluenced projects, i.e., for the projects that are already using Poly Network services and have not received any impact on their assets. We will open a channel that these projects can use for submitting applications as soon as possible.

4. Asset Recovery

In the past few days, Poly Network has received unprecedented attention, and has been subject to questioning and doubts. However, with the cooperation of Mr. “White Hat” and the support and assistance of all other parties, the entire incident has now arrived at a provisional result, but we still have a long way ahead of us before we can finally return the control of the assets back to users. The current status of the affected assets is as follows.

a. Approximately $238 million is currently being transferred to 3/4 multi-signature wallets, while we still wait for Mr. “White Hat” to provide his private key authorization.

b. Approximately $33 million USDT is frozen, and Poly Network is actively communicating with Tether to determine the next course of action.

After receiving all the assets, we will compare and check for overall changes and perform asset recovery in order to prepare for the assets to be withdrawn freely by users.

5. Resuming Services

Once all the assets have been recovered, Poly Network will make every effort to return full asset control to users as soon as possible and will resume cross-chain services and transaction pairs after the smart contract upgrade is complete.

This incident does not just concern all the Poly Network users, community participants, and partners, but also greatly affects the confidence of society at large in the crypto industry. With this immense sense of responsibility and awareness, Poly Network has made asset recovery the team’s number one priority right from the moment this issue occurred. We hope that the users who are temporarily unable to transfer their assets will try to remain calm and patient, as your understanding will help the team handle your asset recovery in the most appropriate manner.

For more information on Poly Network’s innovative capabilities as well as instructions on how to join, please refer to the links below