A well-planned, organized attack according to security firm SlowMist
Hackers have managed to steal more than $600 million from DeFi platform Poly Network, which operates across Ethereum, Polygon, and Binance Smart Chain. The stolen tokens came from all the different chains, making this hack possibly the biggest heist in DeFi history.
UPDATE: 2PM UTC, Hacker started returning tokens
According to Poly Network, the hackers used ‘a vulnerability between contract calls’ to syphon USDC, renBTC, wBTC, and wETH. Chinese cybersecurity firm SlowMist jumped on the news fast, and analysts have already identified the attacker’s email address, IP address, and device fingerprint. SlowMist believes the hacker was well organized and prepared.
What makes the heist even more interesting are the hidden messages within the transactions. The hacker considered creating a DAO and letting the community decide where the stolen tokens will go.
The hacker found out that some tokens have been frozen, such as the stolen USDT tokens. At the same time, crypto exchanges like OKEx, Binance, Huobi, and many others have blacklisted the involved crypto wallets. As a result, the hackers can’t use their services to move the tokens around.
The hacker now wants to return some of the tokens, or perhaps all of them. In an encrypted message, they wrote ‘Failed to contact Poly. I need a secured multisig wallet from you’, suggesting they are ready to return the money.
After that, they started sending tokens back to Poly Network. On Polygon they sent $1 million in USDC back, while also sending $1.1 million in BTCB, $2 million in SHIB tokens and $600,000 in the stablecoin FEI. The hacker clearly didn’t send all the money back, but they added a message to one of their transactions stating: ‘The hacker is ready to surrender’. Whether they will return the money, or also turn themselves in to the authorities, remains a mystery for now.
DeFi isn’t without risk
Using DeFi is very empowering to users, and those who dare to take risks can earn from it. However, with every opportunity comes a major risk. Hacks like the one on Poly Network are an example of that. In addition, the DeFi market is filled with bad projects and rug pulls, and therefore research is key. Always research the projects you invest in. Know what you’re getting into, and when something sounds too good to be true… it probably is.