More than a third of $613 million in digital currencies that hackers took during one of the largest cryptocurrency heists has been sent back by the hacker. It was reported that $260 million of the stolen money had been recovered, but that a further $353 million remained due.
— Poly Network (@PolyNetwork2) August 10, 2021
Poly Network, which facilitates token swaps across several blockchains, said on Tuesday that they had been hacked and asked the hackers to send back some of the stolen money, declaring that they would pursue legal action if they didn’t comply. Chainalysis, a blockchain forensics firm, said that hackers exploited a weakness in the digital contracts Poly Network utilizes to transfer assets across various blockchains.
“I Am Not Very Interested in Money”
The hacker who claims to have carried out the hack has said in private messages that they carried it out for “fun” and wanted to “exposethe vulnerability” before others could take advantage of it, as seen within the hacker’s on-chain messages.
This suspected hacker claims that the tokens’ return was “always the plan.” He added, “I am not very interested in money.”
Developers at Poly Network reportedly sent a message to the hacker via an Ethereum transaction, warning that “known Poly addresses” would be controlling a multi-signature address. The wallets to which the hacker should refund the money were also mentioned.
Approximately $2.1 million in crypto has been sent to two of these addresses by the attacker. To begin, the Polygon network address was given 1,010,100 USD stablecoins in the form of USDC. Later that hour, they completed the transaction for $1.103 million in BTCB tokens (token linked to the price of Bitcoin that runs on the Binance Smart Chain), which at current rates works out to be 23.88 BTCB.
How Did the Hack Happen?
Poly Network is a decentralized finance protocol that enables the movement of tokens from one blockchain to another. Examples of networks that have been built separately from each other are Binance Smart Chain and Ethereum. It is difficult to transfer coins between different networks because of the different technologies used.
“Contract calls” (i.e. contract calls that aren’t meant to be broadcast on a blockchain) were compromised in the attack, according to Poly Network. A report stated that the hack was “very certainly” premeditated, well-organized, and prepared. The event has drawn attention to the fact that in the crypto industry, which is mostly unregulated, customers are left in the dark.
This event may put a dent in the fast-growing but still very early decentralized finance (DeFi) industry’s trust. Decentralized financial services (DeFi) don’t depend on centralized financial intermediaries, such as brokerages, exchanges, or banks. This openness means that anyone can use DeFi, which opens up decentralized finance protocols like Poly Network to malicious actors who will try to exploit the locked value (tokens) on protocols.
How do you feel about DeFi in the wake of this massive hack?