en
Back to the list

The biggest DeFi hit ever: Poly Network sees $600 million crypto heist | CryptoSlate

source-logo  cryptoslate.com 11 August 2021 02:00, UTC

A decentralized finance (DeFi) cross-chain bridging protocol Poly Network recently announced that it has suffered an attack in which the hacker stole over $600 million across three blockchains.

The cross-chain interoperability network flagged the attacker’s addresses on Twitter, which revealed the extent of a massive exploit, urging miners of the affected blockchains and crypto exchanges to blacklist tokens coming from the hacker.

Historical heist

The combined value of stolen crypto exceeds $600 million on three blockchains, totaling roughly $273M on Ethereum, approximately $253M on Binance Smart Chain, and close to 85M on Polygon. 

Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker's following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71

— Poly Network (@PolyNetwork2) August 10, 2021

After a preliminary investigation, the hacked protocol located the cause of the vulnerability, claiming that the attacker exploited a vulnerability between contract calls as it urged miners of the affected blockchains and crypto exchanges to blacklist tokens coming from the disclosed addresses. 

After preliminary investigation, we located the cause of the vulnerability. The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumored.

— Poly Network (@PolyNetwork2) August 10, 2021

“We will take legal actions and we urge the hackers to return the assets,” said Poly Network on Twitter, while trying to establish communication with the attacker, inviting the new DeFi millionaire to talk to the protocol in order to “work out a solution.”

pic.twitter.com/Yzw4oDenjC

— Poly Network (@PolyNetwork2) August 10, 2021

Actions and reactions

Following the attack, Tether, the world’s largest stablecoin, froze roughly $33 million in USDT associated with the alleged hacker’s wallet address, which led to ideological remarks on Twitter, questioning how decentralized is the DeFi corner of the space?

@paoloardoino whatever happened to decentralization?

— Long and Short (mostly long) (@foolsbookie) August 10, 2021

Meanwhile, some of the biggest crypto exchange operators spoke out, offering their help and support, including Binance CEO Changpeng Zhao, Huobi co-founder Du Jun and OKEx CEO Jay Hao.

We are aware of the https://t.co/IgGJ0598Q0 exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can. Stay #SAFU. 🙏 https://t.co/TG0dKPapQT

— CZ 🔶 Binance (@cz_binance) August 10, 2021

.@OKEx is already on the case. We're watching the flow of coins, and will do our best to manage the situation.

Our wallet team will get in touch if we need more information. https://t.co/crD296bNdQ

— Jay_OKEX_CEO (@JayHao8) August 10, 2021

While centralized exchanges also reacted showing support to the hacked protocol, blockchain security intelligence keeps trying to define the exploited vulnerability by retracing the attacker’s steps. 

The #PolyNetwork hack is possibly the largest crypto hack so far. Is the root cause due to a *SINGLE* compromised signer key? Here is the hack flow!!! pic.twitter.com/GphK5e7Its

— PeckShield Inc. (@peckshield) August 10, 2021

In anticipation of the protocol’s post mortem…

cryptoslate.com