DeFi Platform Neko Network Gets Hacked
Well before the mist had cleared on the largest breach in DeFi history, the Poly Network intrusion, Neko Network had been hacked. As per the blockchain security company SlowMist, Neko Network lost almost $2 million in stablecoins.
The hacker’s address particularly got 2 million USDT, 390,000 BUSD, and 1BTCB. The attacker(s) then exchanged the looted stablecoins for BNB via PancakeSwap on the Binance Smart Chain (BSC).
2,871 BNBs have been recovered out of an aggregate of 6,390 drained. However, the hacker’s subsequent activities have not shown any desire of repaying the entire money. To mix currencies, the intruder has been sending 100 BNB at a round to Tornado Cash. The hacker’s wallet address has 2020 BNB out of the leftover 3,519 BNB as of Friday.
Importantly, the hacker took use of a flaw discovered in Neko Network’s lending covenant on BSC. The hacker mortgaged assets in the victims’ names before transferring borrowed money straight to their addresses. Neko Network locked its asset streams in the aftermath of the assault.
A time-freeze option has made it take 24 hours to create and collect money for a fund pool. A few days before, the DAO Maker crowdfunding site was hacked resulting in a loss of over $7 million.
According to Wu Blockchain, the hacker(s) stole USDC from clients’ top-up accounts and swapped it with approximately 2,261 ETH. It is generally assumed that the hacker used ETH instead of USDC since Circle, USDC’s parent company, may quickly freeze funds. Tether froze almost $35 million USDT in response to the latest Poly Network hack.
As per one estimate, the DAO Maker breach may have impacted between 9,000 and 10,000 USDC accounts. Users have already complained that their pre-funding payments have disappeared without a trace, although DAO Maker is yet to issue an official comment.
On Tuesday, a hacker(s) managed to steal about $610 million in cryptocurrency from the Poly Network. The hacker has now repaid the majority of the stolen assets, although in tiny pieces. Nonetheless, the hacker continually ridiculed the Poly team’s security procedures in a leaked digital letter. Furthermore, the attacker boasted to have the potential to drain billions of dollars if “Shitcoins” were a part of the theft.
Poly Network is now giving the attacker a $500,000 prize in exchange for revealing security flaws. The network referred to the hacker as a “white hat,” and conveyed appreciation to him/her for “assisting to enhance” its cybersecurity. According to experts, refunds were made owing to practicality concerns, since laundering stolen cryptocurrency takes more work than stealing. Others, though, believe that the attacker retreated out of fear of being exposed and prosecuted when analysis showed some personal details.
Polynetwork stated that it will provide a legal bonus of US$500,000 for hackers’ “white hat behavior”.
— Wu Blockchain (@WuBlockchain) August 12, 2021
Nevertheless, the spate of assaults raises worries about the DeFi market’s security risks, inspite of its rapid expansion. Month after month, the DeFi infrastructure has been targeted, mostly owing to internal vulnerabilities. A hacker boldly displaying the capacity to pilfer billions for the sake of amusement just tarnishes the DeFi image further.