Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Poly Network, a decentralized finance (DeFi) platform, has revealed that this week it fell victim to a massive cryptocurrency hack that led to the organization losing allegedly over $611 million.
The attack on Poly Network, a protocol allowing users to swap cryptocurrency (including bitcoin) across different blockchains, is believed to be one of the largest cryptocurrency hacks ever.
The network announced in a tweet the news of the hack and advised exchanges to block all of the cryptocurrency assets that were transferred into the hackers’ wallets.
Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71— Poly Network (@PolyNetwork2) August 10, 2021
The DeFi platform is a protocol that allows its users to exchange tokens across numerous blockchains such as Bitcoin, Ethereum, and Ontology. It was created by an alliance between several blockchain suppliers specifically Neo, Ontology, and Switcheo.
The Poly Network Hack Consequences
As per the report issued yesterday by the crypto intelligence organization CipherTrace, the stolen cryptocurrency amount is worth more than the criminal losses registered by the entire DeFi sector from January to July 2021 of a record $474 million.
According to crypto trade publication The Block, the amount stolen was $273 million of Ethereum tokens, $253 million in tokens on Binance Smart Chain, and $85 million in USDC on the Polygon network.
Since the incident, the CTO of Tether announced in a tweet that the organization had blacklisted the $33 million linked to the hacking attack which means the money can no longer be transferred.
We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses.
The cryptocurrency exchange Binance CEO Changpeng Zhao also declared:
We are aware of the https://t.co/IgGJ0598Q0 exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can. Stay #SAFU. 🙏 https://t.co/TG0dKPapQT
— CZ 🔶 Binance (@cz_binance) August 10, 2021
Igor Igamberdiev, a journalist at The Block stated that a cryptography issue was the starting point for the Poly Network hack, which is unusual.
It may have been similar to the Anyswap exploit, which saw $7.9 million stolen due to a hacker reversing the private key.
Who Was Behind the Poly Network Hack?
According to the blockchain security company SlowMist, they have already discovered the cybercriminal’s ID. They also claim to have identified their email address, IP information, and device fingerprint.
The firm stated that the hacker’s resources were initially in monero (XMR), but were swapped for BNB, ETH and MATIC, and other tokens that were used to sponsor the cyberattack.
According to the BleepingComputer discoveries, the hackers started to receive tips on how to launder the stolen money and what not to do.
As a thank you for the suggestion to not transfer blocklisted USDT, the “adviser” received from the attackers 13.37 Ethereum tokens worth $41,474.41.
Poly Network tweeted that it will take legal actions as soon as possible and advised the thieves to give back the funds they’ve stolen.
We don’t know for sure yet how damaged Poly Network is following the attack, but networks depending on the platform may be forced to halt their operations. It already happened with O3, a trading pool that uses Poly to exchange tokens.
The network platform received a lot of support on Twitter from top management at large crypto exchanges that offered their help following the attack.
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.
