It is likely to be one of the biggest, if not the biggest DeFi hack of all time: an attacker relieved the “Poly Network” yesterday for assets worth around 600 million dollars.

Ethereum, Polygon and Binance Smart Chain Affected

The cross-chain interoperability network immediately posted the attacker’s addresses on Twitter. As a result, the real scale of the massive attack became clear: in total, cryptocurrencies worth more than $ 600 million were stolen, spread over three blockchains. The Ethereum blockchain accounted for a total of $ 273 million, the Binance Smart chain about $ 253 million, and Polygon almost $ 85 million.

The developers on Twitter:

“Important notice:
We regret to inform you that # PolyNetwork
@BinanceChain, @ethereum and @ 0xPolygon was attacked. The assets were transferred to the following addresses of the hackers:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71“

According to Poly Network, the attacker exploited a vulnerability between contract calls:

“After an initial investigation, we found the cause of the vulnerability. The hacker exploited a vulnerability between contract calls that was not, as was rumored, caused by the individual holder.“

In the meantime, the developers of Poly Network have asked miners of the affected blockchains and crypto exchanges to blacklist tokens originating from the disclosed addresses. True, the hacker was able to move the assets. However, some complied with the request and blacklisted assets (such as Tether). Thus, even attempts by the attacker to anonymize the coins by “washing” were partially unsuccessful.

Data researchers track down hackers

Poly Network also addressed the hacker directly in a message – and appeals to his reason with a warning about the criminal consequences. The developers write:

“The amount of money you hacked is the largest in the history of Defi. The law enforcement agencies of all countries will consider this a serious economic crime and you will be prosecuted. It is very unwise of you to make further transactions. The money you stole comes from tens of thousands of community members, that is, people.“

However, the security company “SlowMist” now claims to have already tracked down the hacker: They have identified the attacker’s IP address and device fingerprint. It is quite possible that the authorities have already taken further steps.

The attacker has spoken out in one of the transactions-and announced rebelliously:

“IT WOULD HAVE BEEN A BILLION HACK IF I HAD MOVED THE REMAINING S*ITCOINS! DID I JUST SAVE THE PROJECT? I’M NOT THAT INTERESTED IN MONEY AND AM NOW CONSIDERING WHETHER TO RETURN SOME TOKENS OR JUST LEAVE THEM HERE.“

Meanwhile, he has apparently let the words of the developers go through his head. He writes: he is now ready to return the funds.

According to the website, PolyNetwork sees itself as a protocol for operating across multiple blockchains. The platform has been integrated with Bitcoin, Ethereum, BSC, Zilliqa, Elrond, among others.

Buy BTC on eToro now

Top Brokers for buying and trading cryptocurrencies

  • Buy Real Bitcoin or Bitcoin CFDs
  • Wallet and Exchange in one
  • 14 + Cryptos
  • Excellent Trading Tools
  • Large knowledge and training database
  • Very good spreads

5/5

76.8% of CFD accounts lose money.

Cryptocurrencies are a highly volatile, unregulated investment product. Your capital is at risk.