Poly Network Breach Results in $600 Million Loss
Table of Contents
- By Steven
- Published: Aug 11, 2022
- Last Updated: Aug 11, 2022
Hackers plucked a tidy $600 million worth of cryptocurrency out of Poly Network accounts. Poly Network is a popular DeFi (decentralized finance) platform. However, there is a silver lining to this story. Most of the stolen money was returned to the platform within two days.
How was the Money Stolen?
The cryptocurrency was stolen from the accounts through a weakness within a smart contract. The digital miscreants took advantage of a susceptibility within the smart contract used to move tokens from one blockchain to the next. It appears as though the thieves overrode instructions about contracts for the blockchains to send funds to digital wallet addresses, including digital spaces for tokens. The tokens were subsequently tracked and published by the platform. In total, the hackers stole a dozen variants of crypto, including the ever-popular bitcoin and Ethereum.
It must be noted that an individual who claims responsibility for the attack insists they identified an exploitable bug though the hacker did not identify the specific bug in question. The hacker insists the attack was made to reveal the susceptibility, preventing a potentially devastating attack. The digital thief also insists the heist was pulled off using an IP address and email address that could not be tracked by Poly Network or law enforcement.
Digital security specialists who performed a deep dive into the attack insist the thief used the cryptocurrency referred to as monero as his or her beginning source of funds to spur the attack. The movement of funds combined with fingerprint information reveals the cyber attack was planned well ahead of time.
Why was the Stolen Crypto Returned?
The hacker returned the stolen crypto, except for a small amount, likely in an attempt to avoid extensive scrutiny from law enforcement. The reality of the situation is that the criminal likely found it difficult to launder the stolen crypto, gave up on the plan, and returned it to Poly Network. However, the mere fact that such attacks occur frequently is a testament to the importance of updating digital security protections.
How did Poly Network Respond to the Hack?
Poly Network took to Twitter to respond to the incident. The company rattled off several tweets apologizing for the attack. The organization's representatives also requested that the crypto miners of the compromised blockchain and affected cryptocurrency exchanges block interactions stemming from the addresses where any stolen crypto wound up. This proactive response to the attack ultimately made it that much more difficult for the attacker to launder the stolen crypto.
The blockchain is transparent, meaning third parties can view the transactions of others that occur on the digital ledger even if they don't have any financial interest in those transactions. As a result, attempts to launder stolen cryptocurrency, such as that taken from Poly Network as detailed above, are relatively easy to identify. Though hackers who steal crypto could go to the extent of slowly laundering the funds over years or even decades, doing so would require a significant amount of effort and raise suspicion from fellow blockchain enthusiasts as well as law enforcement.
