In Brief:
- $600 million was stolen in what is likely to be one of the biggest cryptocurrency thefts ever.
- Poly Network has offered a $500,000 ‘bug bounty’ to the hacker.
- The network is currently in the recovery phase and hopes to become more stable and stronger soon.
About The Largest Hack in History:
On August 10, 2021, in the largest DeFi hack, an anonymous attacker stole $612 million in bitcoin from the Poly Network cross-chain DeFi protocol. It became the greatest ever theft from a DeFi protocol.
The hacker persuaded the network to approve a transaction that transferred substantial sums of money from three blockchains.
The hackers took around $611 million in the largest DeFi hack to date.
The team later also identified the three addresses where the hacker transferred the stolen assets.
- Ethereum Address: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
- BSC Address: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
- 0xPolygon Address: 0x5dc3603C9D42Ff184153a8a9094a73d461663214
Speculation initially centred on a cryptographic flaw as the main cause of the breach, which is unusual. It could have been comparable to the Anyswap incident, in which a hacker reversed the private key and stole $7.9 million.
Tracking Down The Hacker
SlowMist tweeted that its researchers had “grasped the attacker’s mailbox, IP, and device fingerprints”. They were also “following possible identification evidence associated with the Poly Network attacker.”
How Did The Hacker Successfully Hack The Poly Network?
According to a preliminary assessment, the hackers exploited a weakness in a smart contract, Poly Network tweeted on August 10, 2021.
The hackers overrode the contract rules for each of the three blockchains and diverted the funds to three wallet addresses. Poly Network was later able to track them down and publish them.
According to Chainalysis, the attackers took assets in more than 12 different cryptocurrencies, including ether and a form of bitcoin.
The attacker used a function to pass in carefully constructed data that modified the keeper of the EthCrossChainData contract. This event did not, however, result from a leak of the keeper’s private key.
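A simplified Python model of the weakness described above, added here as an illustration and not Poly Network's contract code: a dispatcher that executes relayed messages under its own identity can be pointed at the store holding the keeper unless it restricts its targets. The names `Relay`, `KeeperStore`, `Vault` and `set_keeper` are hypothetical, and the assumption that the dispatcher owns the keeper store is part of the model.

```python
# Constructed model for illustration; all class and method names are hypothetical.

class KeeperStore:
    """Stands in for EthCrossChainData: holds the keeper, writable only by its owner."""
    def __init__(self, owner, keeper):
        self.owner, self.keeper = owner, keeper

    def set_keeper(self, caller, new_keeper):
        if caller is not self.owner:
            raise PermissionError("only the owner may change the keeper")
        self.keeper = new_keeper


class Vault:
    """An ordinary application contract the relay is meant to reach."""
    def __init__(self):
        self.unlocked = []

    def unlock(self, caller, recipient, amount):
        self.unlocked.append((recipient, amount))


class Relay:
    """Privileged dispatcher: executes relayed messages using its own identity."""
    def __init__(self, allowed_targets=None):
        self.allowed_targets = allowed_targets  # None means no target check (weak)

    def execute(self, target, method, *args):
        # Hardened form: refuse any target that is not explicitly allow-listed,
        # so message data can never steer the relay at contracts it owns.
        if self.allowed_targets is not None and not any(
            target is t for t in self.allowed_targets
        ):
            raise PermissionError("target not on relay allow-list")
        return getattr(target, method)(self, *args)


def run(hardened):
    """Return the keeper after one normal message and one aimed at the store."""
    vault = Vault()
    relay = Relay(allowed_targets=[vault] if hardened else None)
    store = KeeperStore(owner=relay, keeper="legit-keeper")  # assumption: relay owns store
    relay.execute(vault, "unlock", "alice", 10)  # normal cross-chain message
    try:
        # Constructed message whose data names the relay's own store as the target.
        relay.execute(store, "set_keeper", "untrusted-keeper")
    except PermissionError:
        pass
    return store.keeper
```

In the weak configuration the owner check in `set_keeper` passes because the relay itself is the caller, which is why no private key needs to leak for the keeper to change.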
In the original theft, Attacker Address 1 received 2,857.59 ETH from Poly Network, worth $274,461,628.15 USD.
The attacker withdrew 0.47 ETH from Hoo.com the day prior, which was used to pay for gas fees on transactions related to the hack. Furthermore, the attacker appears to have transmitted 13.37 ETH to a user known as Hanashiro.eth.
The attacker initially supplied the entire amounts of both to the Curve DeFi protocol. After minting 95,269,796 3CRV tokens, the attacker burned the 3CRV tokens in just one hour and received 96,942,061 DAI.
Community Response on Poly Network Hack:
Later, the network requested that cryptocurrency exchanges “blacklist” tokens associated with the hackers’ accounts. The stablecoin’s issuer said it froze about $33 million in USDT as a result of the heist.
Meanwhile, Changpeng Zhao, the CEO of the well-known cryptocurrency exchange Binance, promised to help. He stated that Binance is “coordinating with all of our security partners to provide proactive assistance, but there are no guarantees.”
The Hacker's Response When Asked Why He Hacked:
Through the messages on the Ethereum blockchain, a lot of things about the hacker came to light. He disclosed that he did it “for fun”. He also added that he “wanted to highlight the weakness” before others could exploit it.
The suspected hacker stated that returning the tokens was “always the goal,” further adding, “I am not extremely interested in money.”
Warnings and Communication From Hacker:
Poly Network threatened to involve the police. The hackers were, however, given the opportunity to “find out a solution.”
The attacker wrote “Ready to refund the funds!” in an Ethereum transaction from PolyNetwork Exploiter at about 4:00 UTC on Wednesday. This was followed by a message that said, “Failed to contact the Poly. You must provide me with a safe multisig wallet.”
After around 20 minutes, the Poly Network team stated that it was “preparing a multisig address controlled by known Poly addresses.” In a follow-up transaction, the Poly Network team provided three addresses to which the attacker should repay the funds.
The addresses were:
- Ethereum Address: 0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f
- BSC Address: 0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc
- 0xPolygon Address: 0xA4b291Ed1220310d3120f515B5B7AccaecD66F17
$273 million in Ethereum tokens, $253 million in Binance Smart Chain tokens, and $85 million in USDC on the Polygon network were among the stolen assets.
The Poly Network Asked to Return Assets:
In a tweet, the network also asked the hackers to “return the hacked assets” and to initiate dialogue with them.
Hacker Starts His Own Q&A With Everyone:
About 12 hours ago, the hacker responded to a few questions that were asked. Among other things, he explained why he hacked the network in the first place and commented that the entire network is not completely decentralized.
When and How Did the Hacker Start Returning the Money?
The hacker produced a token called “The hacker is ready to surrender”. He then sent this token to the Polygon address 7 minutes before sending the first transaction returning some of the funds.
After that, they chose to return $1 million in USDC on the Polygon blockchain. They did it in three separate transactions, each with increasing amounts (10, 10,000 and 1 million). They also returned 23.8 BTCB, a Binance Smart Chain bitcoin-pegged token, 259.7 billion shiba inu (SHIBA) ($2 million), and $600,000 in FEI.
Later, after communicating with the Poly Network via encrypted messages, the hacker returned nearly all of the assets on BSC. They returned an additional 1,000 BTCB ($46.4 million), 26,629 ETH ($86 million), and $119 million in BUSD, a stablecoin. The only assets remaining on this chain are 6,613 BNB ($2.6 million).
The Poly Network Offers Reward to The Hacker:
The network also expressed its hope that “Mr. White Hat” would contribute to the future growth of the blockchain sector. The team offered a $500,000 reward as part of the talks over the return of the digital currency.
Most Recent Message From the Hacker:
The last message from the hacker was received 16 hours ago. He stated that “he is so flattered and that he just triggered and showed how such a big network is hacked”.
Current Status of Poly Network After the Hack:
For now, the network has resumed all services and has conveyed a hearty apology to all its users. It expects a quick recovery and to be a safer service provider in the future.
What is Poly Network?
Poly Network is a blockchain interoperability mechanism for distributed ledgers. It has developed interoperability with 11 other chains, including Bitcoin, Ethereum, Neo, Ontology, and BSC.
Conclusion:
In what is expected to be one of the worst cryptocurrency thefts ever, more than $600 million was stolen. All but $33 million of the $600 million stolen has now been restored, according to Poly Network. According to the source, the network is now building itself into a more stable and stronger platform.