Over seven hours after it was first reported, details about an exploit that nabbed $600 million in digital assets from PolyNetwork have been slow to emerge. In the absence of a comprehensive audit, cybersecurity groups have uttered a common refrain to the programmers behind the cross-chain compatibility network: This is on you.
As to the chain of events that got the misbegotten funds there, security experts have differing opinions—with some going as far as accusing their colleagues of misleading the public.
According to an initial analysis by China-based security auditor BlockSec, which it cautioned it had not yet verified, the theft could be the result of "either the leakage of the private key that is used to sign the cross-chain message" or "a bug in the signing process of the PolyNetwork that has been abused to sign a crafted message."
Read the full article from here- https://decrypt.co/78250/how-did-polynetwork-hacker-steal-600-million-security-experts-point-fingers?amp=1