Unidentified hackers have carried out what is possibly the largest attack in decentralized finance (DeFi). They exploited a vulnerability in the cross-chain protocol Poly Network and stole at least 600 million US dollars from three chains.
According to an update on Twitter on Tuesday, Poly Network said that assets from Binance Chain, Ethereum and the Polygon network were stolen in the attack. The blockchain data from the respective networks show that the hackers stole around US$273 million from Ethereum, US$85 million in USD Coin (USDC) from the Polygon network and US$253 million from the Binance Smart Chain. Poly also reported that renBTC, wrapped bitcoin (WBTC) and wrapped ether (WETH) were involved in the attack, in which “a weak point between contract calls” was exploited.
Chinese cybersecurity firm SlowMist released an update shortly after the hack became known, in which it announced that its analysts had identified the attacker’s email address, IP address and fingerprint. However, the company did not disclose this information. The company said it used data from the Hoo exchange and other firms and discovered that the hacker’s original source of money was Monero (XMR). This money was then converted into Binance Coin (BNB), Ether (ETH) and MATIC.
“Combined with the flow of money and information from multiple fingerprints, it can be determined that the attack is likely to be a long-planned, organized and prepared attack,” said SlowMist.
The hacker also posted at least three strange messages in transaction records on Ethereum. According to data from Etherscan, the hacker is considering returning part of the stolen money because he was apparently unable to move some of the tokens. He allegedly asked the community for help with laundering the digital assets via the tumbling service Tornado and suggested that the DAO should decide where the tokens will go:
“That would have been a billion hack if I had moved the rest of the shitcoins! Did I just save the project? I’m not that much interested in money and am now wondering whether I should return a few tokens or just leave them lying around.”
People from the DeFi and crypto industries offered their help and support. OKEx boss Jay Hao said the exchange team is “watching the coin flow” and will try to get the situation under control. Tether CTO Paolo Ardoino reported that the project has frozen around $33 million in Tether (USDT) from one of the affected addresses. Binance CEO Changpeng Zhao said the crypto exchange was speaking with security partners to “proactively help” after the hack.
The Poly Network was launched last year and is a joint project between Ontology, Neo and Switcheo. The aim is to create a “heterogeneous interoperability protocol alliance” and to integrate the blockchains into the larger, cross-chain ecosystem. Using this protocol, users can exchange tokens across different blockchains.