The Poly Network protocol, which operates in the area of Decentralized Finance (DeFi), reported that it suffered a hacker attack in which around $600 million were stolen, making it one of the biggest attacks in the history of the cryptocurrency market.
Poly is an interoperability protocol between blockchains, that is, it works by connecting different networks, such as Bitcoin, Ethereum and Ontology. It was created by an alliance between the teams behind several blockchain platforms such as NEO, Ontology and Switcheo.
Poly Network’s twitter profile was one of the tools used to report what happened.
“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses,” says the Poly team.
Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71— Poly Network (@PolyNetwork2) August 10, 2021
According to the data, $273 million in Ethereum tokens, $250 million in Binance Smart Chain and $85 million in US Dollar Coin (USDC) were stolen from the Polygon network (MATIC).
Experts point out that the source of the attack could have been a cryptography issue. Poly said it found the cause of the vulnerability, but did not give further details.
Hacker returns assets: Minus 1% of total stolen
A day after the announcement of one of the biggest cryptocurrency thefts in history, the hacker responsible for the Poly Network protocol attack began to return some of the resources he had taken.
Also on the afternoon of Tuesday, August 10, the hacker started leaving messages on the Ethereum blockchain, including one mocking that he could have stolen $1 billion and another indicating that he could return some tokens.
The start of the return of stolen tokens also comes after Slowmist, the blockchain security company, claims that it has discovered some information about the hacker’s identity.
By early Wednesday afternoon, the day after the robbery, the hacker had returned $1 million USDC in the blockchain Polygon, $2 million in Shiba Inu and $600,000 in FEI on the Ethereum network, and $1.1 million in BTCB (Bitcoin-backed token) in Binance Smart Chain.
The total, of about $4.7 million, however, this move represents less than 1% of the total stolen.
“The hacker is ready to surrender”
In an open letter addressed to “Dear Hacker”, the Poly Network company said it wanted to establish communication with the thieves and emphasized that the stolen funds “are from tens of thousands of crypto community members, hence the people”.
— Poly Network (@PolyNetwork2) August 10, 2021
Before starting the return of resources, the hacker created a new token, called “The hacker is ready to surrender” and sent it to the requested address in the Polygon blockchain.
The reasons for the attack are not yet known, nor why the hacker is returning, even a small fraction, of the amount.
It is speculated that he may be of the “white hat” type, as the “nice hackers” are known, who carry out attacks to test and discover flaws in systems.
Senior stock exchange executives across the cryptocurrency community are offering to blacklist the addresses to which criminals sent the stolen funds in an attempt to recover them.
As indicated by the immediate drop in the value of stolen tokens, the incident highlights the dangers of decentralized financial systems (DeFi) that are less regulated than traditional markets. Poly Network later tweeted that it discovered the vulnerability that allowed the attacker to make transactions.
Contact with “Mr. White Hat”
In one of his messages, the hacker called for an end to so-called DAOs, or decentralized autonomous organizations that do not need intermediaries to process transactions and that use computer programs to define their rules.
“It’s already a legend to earn so much fortune. It will be an eternal legend to save the world. I made the decision, no more DAO”, said the hacker.
On the afternoon of Thursday, August 12, Poly Network posted a new letter on its Twitter profile, reporting that assets were transferred to a portfolio controlled by the team.
— Poly Network (@PolyNetwork2) August 12, 2021