Multi-chain interoperability protocol PolyNetwork is at the centre of one of the biggest hacking exploits ever. This platform that works as an intermediator in connecting different blockchains so that they can work together, suffered a loss of approximately $600 million worth of various cryptocurrencies.
Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker's following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71— Poly Network (@PolyNetwork2) August 10, 2021
According to the official announcement, there are currently three known addresses that reportedly belong to attackers: Ethereum (which currently holds $264.8 million worth of crypto), Binance Smart Chain ($250.8 million), and Polygon ($85 million).
In terms of scale, this is being considered as the largest cryptocurrency hack of all time, especially as there are dozens of other projects and companies that use PolyNetwork who were also affected.
More companies affected
Not long after the attack happened , PolyNetwork-based cross-chain pool O3 Swap, which allows users to trade tokens between different blockchains, decided to suspend its cross-chain functionality.
The company tweeted.
O3 Swap cross-chain function is currently suspended due to the Poly Network was hacked. We are in contact with the team. Please be patient to back to full functionality.
The non-cross-chain function is available and can be used normally. https://t.co/rpl9lMjaS9— O3 Labs (@O3_Labs) August 10, 2021
Tether’s chief technology officer Paolo Ardoino statted that his USDT-creating company decided to freeze approximately $33 million worth of its stablecoins stolen by the hackers.
. @Tether_to just froze ~33M $USDt on 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 as part of the #PolyNetwork hack https://t.co/EviPTAkQJD
— Paolo Ardoino 🍐 (@paoloardoino) August 10, 2021
Still, Poly Network didn’t just give up and it tried to establish communication with the hackers, and urged them to “return the hacked assets.”
— Poly Network (@PolyNetwork2) August 10, 2021
Once the hackers took the assets, they began to send it to various other cryptocurrency addresses. Security company SlowMist said more than $610 million worth of cryptocurrency was transferred to three different addresses.
Jake Moore, former Head of Digital Forensics at Dorset Police and Cybersecurity Specialist at global cybersecurity firm (ESET) stated that cryptocurrency hacks attract huge amounts of attention often due to the “colossal sums of money associated with them but there is also an element of fear that is naturally linked to these attacks”.
“The issue with cryptocurrencies is that they are largely unprotected and therefore, when a hack occurs it is not like an ordinary bank heist where the money is stolen from the bank who remains the victim. Money stolen which is stored in digital ledgers is taken from individual accounts and this is what worries those choosing to store their money in these locations,” he added.
He also noted that by just simply “asking the hackers to return the currencies suggests there is little left to do for those involved including the authorities. Cryptocurrencies by nature are largely anonymous which makes such heists extremely attractive to those wanting to illicitly gain from the amount of work required to gain such rewards.”
Poly Network immediately asked all cryptocurrency exchanges to “blacklist tokens” coming from the addresses that were linked to the hackers.
CEO of Binance, Changpeng Zhao, said Binance is “coordinating with all of the security partners to proactively help,” but added that even though he was aware of the attack, “there are no guarantees” the money will be refunded.
Poly Network warned that the company plans to take legal actions and urged the hackers to return the assets and the research showed that the theft was “likely to be a long-planned, organized and prepared attack”.
DeFi as key target for attacks
Hacks related to decentralised finance (DeFi) totaled $361 million in the first half of this year. This represents an increase of almost three times from the whole of 2020, according to cryptocurrency compliance company CipherTrace.
DeFi-related fraud is also on the rise, research showed. During the first seven months of 2021, they accounted for 54% of total crypto fraud volume versus 3% for all of last year.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.