More

    Biggest Heist In DeFi? How A Hacker Stole $600M From Poly Network

    Around 1:00 PM UTC, the official Twitter handle for Poly Network reported an attack on their platform resulting in one of the worst attacks on DeFi since its inception.  The hacker managed to transfer over $600 million in assets to Polygon, Ethereum, and Binance Smart Chain (BSC) addresses.

    According to their website, PolyNetwork is a protocol built to operate across multiple blockchains to perform transactions with their Decentralized Exchange (DEX), lending and borrowing, and stablecoin based services. The platform has been integrated with Bitcoin, Ethereum, BSC, Ontology, Elrond, Ziliqa, and others.

    Poly Network called on miners, crypto exchanges, and other entities to blacklist the funds in stablecoins and DeFi tokens which included Wrapped Bitcoin (WBTC), Wrapped Ethereum (WETH), RenBTC, DAI, UNI, Shiba Inu (SHIB), FEI, USD Coin (USDC), Tether (USDT).

    The hack took place on an interoperable blockchain agnostic trading pool built with O3 Labs, called O3 Swap. Poly Network added:

    After preliminary investigation, we located the cause of the vulnerability. The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumored.

    Although the hacker successfully managed to move the funds, some entities, such as Tether, responded to Poly Network’s called and blacklisted part of the assets. The attacker attempted to “launder” the loot using Curve and other DeFi protocols, but some of the transactions failed because the blacklisted USDT was used in the transactions.

    A community member with the name “Hanashiro.eth” warned the hacker about using USDT via a message on a transaction and received $42,000 or 13.37 ETH from an address linked to the “PolyNetwork Exploiter”, as seen below. Many others tried to aid the hacker in an attempt to receive a reward and started referring to the hacker as “Etherhood”.

    Source: HsakaTrades via Twitter

    DeFi Hacker Identified After Stealing Funds From Poly Network?

    The attacker managed to convert a large portion of the funds, except for the centralized stablecoins. Poly Network published the following message trying to establish a communication channel with the hacker and retrieve part of the DeFi tokens:

    The amount of money you hacked is the biggest one in the defi history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. It is very unwise for you to do any further transactions. The money you stole are from tens of thousands of community members, hence the people.

    Shortly after, security firm SlowMist published a report claiming that they have identified the attacker’s mailbox, IP, and device fingerprint. The firm apparently used on-chain and off-chain data to track the hacker with the help of their partners and exchange platforms.

    Other reports claimed that the DeFi funds were tied to centralized entities. Thus, it was possible to track down the attacker. Via a message input in a transaction, the hacker said:

    IT WOULD HAVE BEEN A BILLION HACK IF I HAD MOVED REMAINING SHITCOINS! DID I JUST SAVE THE PROJECT? NOT SO INTERESTED IN MONEY, NOW CONSIDERING RETURNING SOME TOKENS OR JUST LEAVING THEM HERE.

    At the time of writing, ETH trades at $3080 with a 2.3% loss in the daily chart.

    DeFi Poly Network
    ETH with minor losses in the daily chart. Source: ETHUSD Tradingview

    Related articles

    Comments

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here

    Share article

    Latest articles

    Crypto is the ‘top contender’ for correction, money managers say, Invest News & Top Stories

    NEW YORK (BLOOMBERG) - By many counts, 2021 was the year cryptocurrencies were finally embraced by institutions. Now those same money managers say the...

    Crypto markets recover, but BTC could ruin the party

    Bitcoin price continues to...

    Vietnamese blockchain-based game hub Whydah bags $25m funding

    Vietnamese blockchain-based game hub Whydah has raised $25 million in a funding round, aimed at helping game studios apply blockchain technology, according to an...

    Newsletter

    Subscribe to stay updated.