The night of July 1st, PolyNetwork, a bridge on the Metis ecosystem, was exploited by a malicious actor. The hacker was able to mint, and pull all available liquidity from PolyNetwork. The assets that were affected are METIS on BNBChain, METIS on Ethereum, BNB on Metis, and BUSD on Metis. A detailed document has been prepared in order to explain how these assets became affected, and what measures will be taken.

Assets Affected

METIS

• 8,882,912 METIS were minted on BNBChain, by the hacker, using the bridge’s mint and burn function. As a temporary solution, liquidity has been pulled from PancakeSwap and Stargate. Additionally, the PolyNetwork bridge has been closed by the official team. Given all the newly minted METIS tokens (PolyNetwork wrapped version of METIS) have no way out of BNBChain, and there’s no significant METIS liquidity, this will have no effect on Total Supply nor Circulating Supply of METIS on Ethereum and Metis networks. Thus, this will not affect users on either network.
• Users holding METIS tokens on BNBChain will be affected, as there is now no liquidity for swapping, and no pools for providing liquidity. We will work with PolyNetwork to find solutions for these users.
• Approximately 117,000 METIS were pulled by the hacker from PolyNetwork on Ethereum Mainnet. We are currently working with PolyNetwork in order to evaluate all alternatives at hand, and potential solutions. We will provide a follow up update to inform users, as soon as it’s known with certainty, which alternative will be implemented.

BNB and BUSD

• 99,999,184.18 BNB and 9,999,963,057 BUSD tokens were minted on Metis, by the hacker, through the mint and burn function enabled by PolyNetwork. To address this issue, liquidity has been pulled from Netswap, the bridge has been closed by PolyNetwork, and there’s little-to-no liquidity left for these two tokens.
• There were BNB and BUSD tokens being held by community members on Metis. We are already working with PolyNetwork and 3rd parties to find solutions for these users.

Hacker Tracking

PolyNetwork is currently working with Slowmist, a blockchain security firm established in January 2018, who has audited more than 1,500 well-known smart contracts, tracks all hacks across crypto, and has ample experience helping with exploits.

Next Steps

As potential next steps, we are evaluating the feasibility of:

• Deployment of new contracts for BNB & BUSD on Metis network.
• Deployment of new contracts for METIS on BNBChain.
• Finding potential solutions alongside PolyNetwork to remedy the situation for BNB & BUSD holders on Metis, and to METIS holders on BNB Chain.

We’re grateful for our partners’ quick reactions and thorough cooperation, including but not limited to BNBChain, Stargate, Netswap, and PancakeSwap.

We also want to thank our community for the never-ending support and optimist attitude, even throughout the attack, when uncertainty was peaking.

We will keep the community updated as the situation evolves and will share all measures being taken to make users better off.

Thank you.