Hacker Starts Returning $600mln Swindled from DeFi Platform Poly Network
Poly Network, a cross-chain DeFi platform, got compromised Tuesday, with the perpetrator stealing about $600 million in cryptocurrency. Surprisingly, the Poly Network hacker has said that he is ready to repay the stolen bitcoin money. Poly Network, founded by the creator of the Neo Chinese venture, runs on the Binance Smart Chain (BSC), Ethereum, and Polygon blockchains. The latest breach affected all three blockchains at the same time.
The Poly Network team, on the other hand, was able to pinpoint three wallet addresses where the looted cryptocurrencies were routed.While writing this article, blockchain scanning tools revealed that the three addresses had more than $600 million in total. USDC, Wrapped Bitcoin, Wrapped Ether, and Shiba Inu are the currencies used.
Poly Network responded by urging miners on the relevant blockchains and cryptocurrency exchanges to ban tokens from the hacker’s identities in the form of addresses. Furthermore, The Poly Network team posted a tweet asking the hacker to give back the stolen assets. Refusal to do so would eventually lead in law enforcement authorities pursuing you. Poly Network concluded the letter by encouraging the hacker to contact them to come up with a plan.
Only an hour after the assault, the hacker made an attempt to transfer the stolen funds to the liquidity pool Curve using the Ethereum address. The deal was quickly halted. Tether CTO Paolo Ardoino also tweeted that Tether has seized roughly $33 million in cryptocurrencies linked to the assault. Wu Blockchain, on the other hand, tweeted: “Binance and Circle must explain why the 3 million BUSD and 26 million USDC stolen by hackers are not seized.”
Nevertheless, over $100 million was subsequently transferred from the BSC address and put in the Ellipsis Finance liquidity pool. BlockSec, a blockchain security company headquartered in China, published an early attack study. According to the company, the breach may have occurred as a result of private key leaking. As a result, the attacker was able to complete the cross-chain transaction. It might also have occurred if the hacker “abused” a possible flaw in the network’s signature procedure.
SlowMist, another cyber-security company, reported that the hacker originally held money in Monero, a privacy-focused cryptocurrency. The hacker then traded them for ETH, BNB, MATIC, and some more tokens before launching the assault. SlowMist inferred from this that the assault had been planned a long-time back and was well executed.
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s following addresses:
— Poly Network (@PolyNetwork2) August 10, 2021
— SlowMist (@SlowMist_Team) August 10, 2021
In response to the incident, a BSC spokesman encouraged users and covenants to take safety precautions “very seriously.” A count of trustless bridges has also been targeted, according to the spokesman. At present, BSC and its security associates are providing as much assistance to the ongoing inquiry as they need to. The most recent hack demonstrates how susceptible future cross-chain covenants are to exploitation.
Poly Network’s $600 million leak is the most significant assault in cryptocurrency history. Thorchain, another cross-chain liquidity pool, was attacked twice in two weeks in July. Another cross-chain DeFi protocol, Rari Capital, was attacked in May, resulting in ETH losses of almost $11 million.
On Wednesday, at 4:00 a.m. UTC, the hacker made an Ethereum trade to themself, saying in an encapsulated transaction message that they were “ready to repay the fund.”
In a later communication, the hacker requested a multisig wallet address in order to restore the money to Poly Network. “Failed to make touch with the poly. I need a secure multisig wallet from you,” the hacker said.
On Wednesday, Poly Network’s Twitter handle issued a statement, giving three different wallet addresses for the hacker to transfer the stolen money back to the source. “We are creating a multisig address managed by recognized Poly addresses,” Poly Network said in an Ethereum trade to the hacker’s account.
O3 Labs, a cross-chain developer initiative, speculated that the person responsible for the Poly Network’s huge decentralized finance (DeFi) vulnerability might be a white hat hacker. “Winning such a large sum of money is already legendary. To rescue the planet will become an everlasting glory. “I made the choice, no more DAO,” the hacker wrote in another post.
As of about 8:00 a.m. UTC, the attacker has begun repaying the stolen money, transferring back almost $1 million in USD Coin (USDC) on the Polygon blockchain. Poly Network has now verified that payments had been received, saying, “You have taken the step in the correct way.” On Polygon, we got almost a million USDC.
Did you request that the recipient addresses be encrypted with your BookKeeper public key?” The hacker also began remitting on the Binance Smart Chain, paying back $1.1 million, as per data acquired by cryptocurrency journalist Colin Wu. According to Wu, the hacker also remitted $2.65 million in Shiba Inu (SHIB) and Fei.
The rapid growth of DeFi has made it a lucrative target for hackers. As per a study published in April by the cryptocurrency research firm Messari, DeFi covenants have ended up losing roughly $285 million due to hacking and other vulnerabilities since 2019.
Hope you will transfer assets to addresses below:
Polygon: 0xA4b291Ed1220310d3120f515B5B7AccaecD66F17 pic.twitter.com/mKlBQU4a1B
— Poly Network (@PolyNetwork2) August 11, 2021
The hacker returned shib and fei, worth about 2.65 million US dollars. pic.twitter.com/PP92fXtUMQ
— Wu Blockchain (@WuBlockchain) August 11, 2021