The saga behind $610 million Poly Network cryptocurrency theft — everything we know about the mysterious hacker behind the attack and what went down over the last three days

A mysterious hacker stole $611 million from the Poly Network and then returned the entire amount after highlighting the platform's vulnerability (Canva)
  • The theft of $610 million from the blockchain platform, Poly Network, is the biggest in the crypto space so far.
  • The mysterious hacker behind the heist highlighted vulnerabilities in their technology, then returned all the funds while refusing a bounty.
  • With improved security on crypto exchanges, hackers have been looking at decentralised finance (DeFi) to get their hands on cryptocurrencies like Ethereum, Bitcoin, and others.
In the single largest cryptocurrency hack so far, over $600 million was stolen on August 10, 2021 by a ‘white hat’ hacker. The self-proclaimed do-gooder claims to have breached the system and stolen $610 million in cryptocurrencies (Ethereum, Binance Smart Chain and Polygon tokens) simply because he wanted to highlight the vulnerabilities of the Poly Network blockchain platform.

According to the four-part question-and-answer series that the hacker attached as comments to their transactions while returning the funds, the hacker claims not to be ‘evil’. He took this drastic step only because he was paranoid that the Poly Network team would fix the glitch without informing anyone about it.

This hack was directed at Poly Network, a decentralised finance (DeFi) platform that lets users lend, borrow, exchange or trade cryptocurrencies – and earn or pay interest while doing so. Cryptocurrencies worth $65 billion were locked into DeFi platforms as of May 2021.

How did the hacker steal $610 million from the Poly Network?



The hacker claims to have noticed a security hole in how Poly Network uses ‘smart contracts’ called tokens to trade cryptocurrencies, as explained in a tweet thread by Kelvin Fichter, a blockchain developer.

Poly Network is a ‘cross chain’ platform that tries to help users communicate across completely different blockchains. This means being able to make transactions across Bitcoin, Ethereum, Ontology, Binance Smart Chain, and so on.

While using ‘blockchain interoperability’ to solve one problem of cryptocurrencies – siloed communication within separate blockchains – Poly was shown by the hacker to be vulnerable, and ended up jeopardising its users’ money instead.

Like all software, Poly seems to have had a bug that was not identified until now: an instruction that was used only internally and should not have been accessible to those outside the company.

As posited by Fichter on Twitter and confirmed by the hacker’s comments, the hacker sent out a message through the Ontology blockchain network to use a special internal instruction called EthCrossChainManager. That resulted in transferring ownership of other smart contracts, and thus the cryptocurrency underpinning those contracts, to wallets controlled by the hacker.

How Poly Network's ‘cross chain’ platform allows users to communicate across completely different blockchains (SlowMist)

The largest haul in crypto history


As a result, the hacker took over ownership of $610 million worth of cryptocurrency – denominated in 12 different currencies including Ether coins, Binance Smart Chain coins and Polygon tokens.

| Stolen asset | Amount stolen |
|---|---|
| Ethereum | $273 million |
| Binance Smart Chain | $253 million |
| Polygon | $85 million |

Source: Poly Network

The quantum of loss meant that Poly wasn’t going to hush up a security breach – they tweeted an open letter that began with ‘Dear Hacker’, declared it a major economic crime, and advised that a solution be worked out to return the hacked assets. A cybersecurity firm called SlowMist helped analyse the attack, but the hacker remains unidentified so far.

He saw, he conquered - and then gave it all back?



The hacker claimed to have exchanged a portion of the currency for stablecoins — like Tether and USD Coin — to gain interest on the amount while negotiating with the company to return the money.

As of 12 August 2021, the company has recovered $342 million of the $610 million that was hacked, with $268 million in Ether coins still pending.

A ‘saint’ of cryptocurrency



The same day, after the successful hack, the unidentified hacker conveyed messages to Poly Network through transaction comments – first saying “Ready to return the fund!” and that “The hacker is ready to surrender.”

The hacker behind the $611 million crypto hack on the Poly Network claims he only did what he thought he had to do for the 'greater good' (BI India)

From their stated perspective, the hacker took control of the money to keep it safe. They saw a bug that could be exploited to acquire millions, and felt nobody could be trusted with the information. In their Q&A, they claim the vulnerability had to be exposed before an insider within the company could hide or benefit from it.

Poly Network exploiter's AMA (Part 1) (Reddit)

Despite having hacked the Poly Network, they still say it is ‘decent’, a ‘well designed system’, and a ‘challenge’ they enjoyed. They claim that leaving lower-volume coins out of the hack, and not selling the coins they did take over, were steps they took to avoid a ‘real panic of the crypto world’.

Poly Network exploiter's AMA (Part 2) (Reddit)

They hope the Poly team ‘learn something from those hacks’, and want to give them tips on securing their networks, so they ‘can be eligible to manage the billion project’ in the future. They claim to have ‘enough money’, to want adventures, to fight fate and to dread death.

Poly Network exploiter's AMA (Part 3) (Reddit)

They seem to indicate that ‘DeFi security’ is hackable, but ‘not enjoyable’ as a real hacker. They mention a selfish motive to be ‘cool’, that ‘cross chain hacking is hot’, but chose to refund the hack as they wanted to be ‘the moral leader’.

Poly Network exploiter's AMA (Part 4) (Reddit)

In continued exchanges through transaction comments, Poly Network appreciated the 'white hat behavior' and offered a bounty of $500,000 in return. The hacker did not accept the bounty offer, responding with "I will send all of their money back."


What happens next?


Poly Network’s bridge, which acts as an intermediary for multiple chains and is a major part of a cross-chain platform, was temporarily closed as of 13 August 2021. It is expected to open when the hack is resolved and the site regains full functionality.

If Poly Network presses charges, a legal case might exist to proceed against the hacker. However, the hacker dubbed ‘Mr White Hat’ is co-operating with the company and seems to want their vulnerabilities fixed. No legal charges have been opened so far.

As seen from earlier attacks on DeFi systems, and the hacker’s comments, it would seem that security of DeFi systems is still evolving. So the question of whether to expect more hacks on other such centralised systems that use cryptocurrencies is an open one.

Major cryptocurrencies themselves are relatively safer, because of the built-in security, architecture that doesn’t expect trusted insiders, their decentralised nature and continuous bug fixes by the community.

Large DeFi attacks this year


According to an August 2021 report by crypto intelligence firm CipherTrace, DeFi-related hacks are trending upward in 2021.

DeFi-related hacks, at $361 million, account for 76% of crypto hacks so far this year, compared to $129 million or 25% of the total crypto hacks for all of the year 2020. Cross-chain DeFi exchanges suffered a lot, as shown in the three examples below.

| Month | DeFi entity | Loss | Description |
|---|---|---|---|
| July 2021 | THORChain | $13 million | Was attacked twice, lost various currencies. They recovered $8 million the second time, after paying the hacker a bug bounty. |
| July 2021 | ChainSwap | $8.8 million | Was attacked twice, lost smart contract assets. The hackers remain at large. |
| May 2021 | Rari Capital | $10 million | Lost crypto assets due to an ‘evil contract’ exploit. The hackers weren’t found, Rari’s developers (which they called contributors) paid a portion of their incentives to reimburse affected users. |
| May 2021 | PancakeBunny | $45 million | Lost value of their BUNNY token due to a ‘flash loan’ exploit. Its value dropped by 96%, from $146 to $6. The attackers weren’t caught, and the token’s value is still down by 90% even three months later. |

Inferring from the events of these three days, the Poly Network exploit could serve as a warning for future developers in the crypto and blockchain space. The probable direct impact of this hack went from an earthquake that could ruin investors, to a remarkably tame ending where all parties involved may come out unscathed.

However, the indirect impact may be upon the funding of crypto exchanges, coin offerings, and DeFi platforms – all of which have been raising capital at a frenetic pace. Where the money until now favoured innovations and first movers, this incident would shine a brighter light on the internal security of ventures.
