- The theft of $610 million from the blockchain platform, Poly Network, is the biggest in the crypto space so far.
- The mysterious hacker behind the heist highlighted vulnerabilities in their technology, then returned all the funds while refusing compensation.
- With improved security on crypto exchanges, hackers have been looking at decentralised finance (DeFi) to get their hands on cryptocurrencies like Ethereum, Bitcoin, and others.
In the single largest cryptocurrency hack so far, over $600 million was stolen on August 10, 2021 by a ‘white hat’ hacker. The self-proclaimed do-gooder claims to have breached the organization and stolen $610 million in cryptocurrencies — Ethereum, Binance Smart Chain and Polygon tokens — simply because he wanted to highlight the vulnerabilities of the Poly Network blockchain platform.
According to the four-part question & answer series they have attached to their transactions as comments while returning the funds, the hacker claims to not be ‘evil’. He only took this drastic step because he was paranoid that the Poly Network team would fix the glitch without informing anyone about it.
This hack was directed at Poly Network, a decentralised finance (DeFi) platform that lets users lend, borrow, exchange or trade cryptocurrencies – and earn or pay interest while doing so. Cryptocurrencies worth $65 billion were locked into DeFi platforms, as of May 2021.
How did the hacker steal $610 million from the Poly Network?
The hacker claims to have noticed a security hole in how Poly Network uses ‘smart contracts’ called tokens to trade cryptocurrencies, explained in a tweet thread by Kelvin Fichter, a blockchain developer.
Poly Network is a ‘cross chain’ platform that tries to help users communicate across completely different blockchains. This means being able to make transactions across Bitcoin, Ethereum, Ontology, Binance Smart Chain, and so on.
While using ‘blockchain interoperability’ to solve one problem of cryptocurrencies – siloed communication within separate blockchains – Poly was exposed as vulnerable by the hacker and jeopardised their users’ money instead.
Like all software, Poly seems to have had a bug that was not identified until now, an instruction that was used only internally and should not have been possible to access by those outside the company.
As posited by Fichter on Twitter and confirmed by the hacker’s comments, the hacker sent out a message through the Ontology blockchain network to use a special internal instruction called EthCrossChainManager. That resulted in transferring ownership of other smart contracts, and thus the cryptocurrency underpinning those contracts, to wallets controlled by the hacker.
The largest haul in crypto history
As a result, the hacker took over ownership of $610 million worth of cryptocurrency – denominated in 12 different currencies including Ether coins, Binance Smart Chain coins and Polygon tokens.
|Stolen asset||Amount stolen|
|Binance Smart Chain||$253 million|
Source: Poly Network
The quantum of loss meant that Poly wasn’t going to hush up a security breach – they tweeted an open letter that began with ‘Dear Hacker’, declared it a major economic crime, and advised that a solution be worked out to return the hacked assets. A cybersecurity firm called SlowMist helped analyse the attack, but the hacker remains unidentified so far.
He saw, he conquered – and then gave it all back?
The hacker claimed to have exchanged a portion of the currency for stablecoins — like Tether and USD Coin — to gain interest on the amount while negotiating with the company to return the money.
As of 12 August 2021, the company has recovered $342 million of the $610 million that was hacked, with $268 million in Ether coins still pending.
A ‘saint’ of cryptocurrency
The same day after the successful hack, the unidentified hacker conveyed messages to Poly Network through transaction comments – first saying “Ready to return the fund!” and that, “The hacker is ready to surrender.”
From their stated perspective, the hacker took control of the money to keep it safe. They saw a bug that could be exploited to acquire millions, and felt nobody could be trusted with the information. In their Q&A, they claim the vulnerability had to be exposed before an insider within the company could hide or benefit from it.
Despite having hacked the Poly Network, they still say it is ‘decent’, a ‘well designed system’, and a ‘challenge’ they enjoyed. They claim leaving lower-volume coins out of the hack, and not selling the coins they did take over, were steps they took to avert a ‘real panic of the crypto world’.
They hope the Poly team ‘learn something from those hacks’, and want to give them tips on securing their networks, so they ‘can be eligible to manage the billion project’ in the future. They claim to have ‘enough money’, want adventures, fight fate and dread death.
They seem to indicate that ‘DeFi security’ is hackable, but ‘not enjoyable’ as a real hacker. They mention a selfish motive to be ‘cool’, that ‘cross chain hacking is hot’, but chose to refund the hack as they wanted to be ‘the moral leader’.
In continued exchanges through transaction comments, Poly Network appreciated the ‘white hat behavior’ and offered a bounty of $500,000 in return. The hacker did not take the bounty offer, responding with “I will send all of their money back.”
The Poly Network hacker is now saying that they were offered a $500k compensation to return the stolen assets – but that… https://t.co/qw337WsuW7
— Tom Robinson (@tomrobin) 1628784566000
What happens next?
Poly Network’s bridge, which acts as an intermediary for multiple chains and is a major part of a cross-chain platform, was temporarily closed as of 13 August 2021. It is expected to open up when the hack is resolved and the site regains full functionality.
If Poly Network presses charges, a legal case might exist to proceed against the hacker. However, the hacker dubbed ‘Mr White Hat’ is co-operating with the company and seems to want their vulnerabilities fixed. No legal charges have been opened so far.
As seen from earlier attacks on DeFi systems, and the hacker’s comments, it would seem that security of DeFi systems is still evolving. So the question of whether to expect more hacks on other such centralised systems that use cryptocurrencies is an open one.
Major cryptocurrencies themselves are relatively safer, because of the built-in security, architecture that doesn’t expect trusted insiders, their decentralised nature and continuous bug fixes by the community.
Large DeFi attacks this year
According to an August 2021 report by crypto intelligence firm CipherTrace, DeFi-related hacks are trending up in 2021.
DeFi-related hacks at $361 million account for 76% of crypto-hacks so far this year, compared to $129 million or 25% of the total crypto hacks for all of the year 2020. Cross-chain DeFi exchanges suffered a lot, as shown in the three examples below.
|July 2021||THORChain||$13 million||Was attacked twice, lost various currencies. They recovered $8 million the second time, after paying the hacker a bug bounty.|
|July 2021||ChainSwap||$8.8 million||Was attacked twice, lost smart contract assets. The hackers remain at large.|
|May 2021||Rari Capital||$10 million||Lost crypto assets due to an ‘evil contract’ exploit. The hackers weren’t found, Rari’s developers (which they called contributors) paid a portion of their incentives to reimburse affected users.|
|May 2021||PancakeBunny||$45 million||Lost value of their BUNNY token due to a ‘flash loan’ exploit. Its value dropped by 96%, from $146 to $6. The attackers weren’t caught, and the token’s value is still down by 90% even 3 months later.|
Inferring from the events of these three days, the Poly Network exploit could serve as a warning for future developers in the crypto and blockchain space. The probable direct impact of this hack went from a convulsion that could ruin investors, to a remarkably tame catastrophe where all parties involved may come out unscathed.
However, the indirect impact may be upon the funding of crypto exchanges, coin offerings, and DeFi platforms – all of which have been raising capital at a frenetic pace. Where the money until now favoured innovations and first movers, this incident would shine a brighter light on the internal security of ventures.
What is the Polygon address used by the hacker to steal $600 million from the Poly Network in 2021? What is the number of the block that includes that transaction? What is the initial function that the hacker called in their exploit?