DeFi Platform Poly Network Hacked, Over $600 Million Potentially Lost

DeFi Platform Poly Network Hacked, Over $600 Million Potentially Lost

Crypto prices dipped modestly following news that cross-chain protocol Poly Network was hacked resulting in over $600 million worth of assets being taken by hackers. In an early morning tweet, Poly Network  – whose protocol allows users to swap tokens across multiple blockchains, including Bitcoin, Ethereum, Binance Smart Chain, Polygon, and others – revealed that it had fallen victim to an exploit resulting in the loss of over $600 million worth of assets across the Binance Smart Chain, Ethereum mainnet, and the Polygon network.

Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71

— Poly Network (@PolyNetwork2) August 10, 2021

In the same twitter thread, Poly Network listed the addresses where funds were transferred, requesting that miners and crypto exchanges blacklist tokens coming from the hacker’s addresses. Additionally, Poly Network has threatened legal action, urging the hackers to return all assets taken.

We will take legal actions and we urge the hackers to return the assets.

— Poly Network (@PolyNetwork2) August 10, 2021

The assets stolen by the hacker include $273 million of Ethereum tokens, $253 million in tokens on Binance Smart Chain, and $85 million in USDC on the Polygon network, although as Crypto Briefing notes, since Poly Network is a multi-chain protocol used by many projects, the full extent of the damage may not have been identified yet.

Poly Network, a protocol launched by the founder of Chinese blockchain project Neo, operates on the Binance Smart Chain, Ethereum and Polygon blockchains. Tuesday’s attack struck each chain consecutively, with the Poly team identifying three addresses where stolen assets were transferred.

Binance CEO Changpeng Zhao (aka CZ) also tweeted in response to the hack.  “We are aware of the exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can.”

According to The Block and their researcher Igor Igamberdiev, who was one of the first to report the hack, the source of the attack was a “cryptography issue — which is not usually the case. It may have been similar to the Anyswap exploit, which saw $7.9 million stolen due to a hacker reversing the private key.”

About one hour after Poly announced the hack on Twitter, the hacker tried to move assets including USDT through the Ethereum address into liquidity pool Curve.fi, records show. however, the transaction was rejected as members of the crypto community were quick to react once news of the hack spread.

Moments before the hacker attempted to deposit the stolen funds into Curve Finance, Tether CTO Paolo Ardoino blacklisted the hacker’s address, freezing some $33 million in tether funds. Unfortunately, the hacker reportedly managed to transfer some USDC funds into Curve’s stablecoin pool, making a recovery near impossible

. @Tether_to just froze ~33M $USDt on 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 as part of the #PolyNetwork hack https://t.co/EviPTAkQJD

— Paolo Ardoino (@paoloardoino) August 10, 2021

Meanwhile, close to $100 million has been moved out of the Binance Smart Chain address in the past 30 minutes and deposited into liquidity pool Ellipsis Finance according to Coindesk.

Absent further recoveries, the Poly Network hack may be one of the largest hacks in cryptocurrency history, although according to Crypto Briefing it may also rank highly compared to the biggest heists of all time. Only one other incident looks to have resulted in more money lost when Saddam Hussein’s son stole $930 million from the Bank of Iraq days before the Iraq invasion in 2003. While not technically heists, exit scams have also resulted in large amounts of cryptocurrency being lost. In June, the founders of the South African exchange Africrypt disappeared with over $3.6 billion worth of Bitcoin, making it one of the biggest thefts in history.

The news of the hack dragged crytpo prices from session highs, with Ethereum sliding from a high above $3,230 to $3,100 before rebounding.

Tyler Durden
Tue, 08/10/2021 – 11:58

Share DeepPol