World’s Biggest Crypto Heist – Poly Network Hacker Stole Approx $600 million

Biggest hacks so far

On August 10, 2021, the world’s biggest cryptocurrency hack took place. According to blockchain security company SlowMist Zone, intruders attacked Poly Network and stole crypto worth more than $600 million. There have been several crypto hacks in the past, but this one is the biggest.

SOME HISTORICAL CRYPTO SCAMS

  • In 2018, a crypto exchange firm named Coincheck in Tokyo lost almost $530 million worth of digital coins. It was a huge scam at that time. 
  • The Mt. Gox exchange, a Tokyo-based company, collapsed after losing half a billion dollars worth of bitcoin.

The latest Poly Network attack is the biggest of all time and has shaken investors and crypto miners.

WHAT IS POLY NETWORK?

Poly Network is a decentralized finance (DeFi) platform that uses digital assets for financial transactions. Moreover, it is built to implement interoperability among several heterogeneous chains including Bitcoin, Ethereum, Neo, Ontology, BSC, HECO, OKExChain, Polygon, Elrond, Zilliqa and Cosmos-SDK. Surprisingly, Poly Network has transmitted more than $10 billion on different blockchains. 

DeFi is short for decentralized finance. DeFi platforms allow financial transactions in digital currencies/cryptocurrencies. Unlike traditional financial organizations, exchanges and banks, these platforms are free of gatekeepers. The sector has grown sharply since last year and earned $80 billion worth of digital coins.

HOW DID THE ATTACK HAPPEN?

On Tuesday, a tweet from Poly Network went viral. It stated: “We are sorry to announce that #PolyNetwork was attacked on @BinanceChain, @ethereum and @0xPolygon.” Unfortunately, the assets were transferred to the following addresses controlled by the hacker.

ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963

BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71

Later on, they asked the miners of the affected cryptocurrencies like Binance, HuobiGlobal, OKEx, Tether, BitGo, Uniswap and Circle Pay to block the tokens coming from the above-mentioned addresses.
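How an exchange might act on that request is sketched below as an added example (not code from Poly Network, SlowMist or any exchange). It goes one step beyond a plain blocklist by also flagging deposits that arrive through intermediate addresses. Only the two flagged addresses come from the article; every other address, the `max_hops` limit and the transfer list are constructed for illustration.

```python
from collections import deque

# Addresses from Poly Network's tweet, as quoted in the article.
FLAGGED = {"0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963",   # ETH
           "0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71"}   # BSC

def norm(addr):
    """Lower-case an address so checksummed and plain spellings compare equal."""
    a = addr.strip().lower()
    if len(a) != 42 or a[:2] != "0x" or set(a[2:]) - set("0123456789abcdef"):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def tainted_hops(transfers, flagged, max_hops, stop=frozenset()):
    """Breadth-first walk from the flagged set; `stop` addresses are not walked through."""
    edges = {}
    for src, dst, _amount in transfers:
        edges.setdefault(norm(src), set()).add(norm(dst))
    hops = {norm(a): 0 for a in flagged}
    queue = deque(hops)
    while queue:
        cur = queue.popleft()
        if hops[cur] >= max_hops or cur in stop:
            continue
        for nxt in edges.get(cur, ()):
            if nxt not in hops:
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    return hops

def screen_deposits(transfers, deposit_addrs, flagged=FLAGGED, max_hops=3):
    """List (sender, deposit address, amount, sender hop count) for tainted deposits."""
    deposits = {norm(a) for a in deposit_addrs}
    hops = tainted_hops(transfers, flagged, max_hops, stop=deposits)
    return [(norm(s), norm(d), amt, hops[norm(s)]) for s, d, amt in transfers
            if norm(d) in deposits and norm(s) in hops]

# Constructed sample data: every address below except the two flagged ones is made up.
HOP1, HOP2, CLEAN = "0x" + "a1" * 20, "0x" + "b2" * 20, "0x" + "c3" * 20
DEP1, DEP2 = "0x" + "d1" * 20, "0x" + "d2" * 20   # hypothetical exchange deposit addresses
SAMPLE = [
    ("0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963", HOP1, 100),  # lower-case spelling
    (HOP1, HOP2, 60),
    (HOP2, DEP1, 60),     # indirect: sender is two hops from the flagged ETH address
    (CLEAN, DEP2, 5),     # unrelated customer deposit
    (DEP1, CLEAN, 1),     # exchange payout: must not taint CLEAN
    ("0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71", DEP2, 10),  # direct deposit
]
```

Calling `screen_deposits(SAMPLE, [DEP1, DEP2])` reports the indirect deposit into `DEP1` and the direct one into `DEP2`, while the unrelated deposit from `CLEAN` passes.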

Poly Network acknowledged that the hackers had entered the system through loopholes and exploited a vulnerability between contract calls. They also mentioned that the contract can change the keeper of the contract and initialize the transaction, and said that the estimated loss was more than $600 million. Poly Network said in the tweet, “The amount of money you hacked is the biggest in DeFi history.”

SlowMist reported that the attack was pre-planned and well organized. The attackers stole almost $610 million and transferred it to at least three addresses.

HACKERS HAVE RETURNED ALMOST $260 MILLION TO THE POLY NETWORK

After the hackers had succeeded in their plan, Poly Network responded by demanding that they return the assets, threatening legal action otherwise.

Poly Network wrote a letter to the hackers, which stated: “The amount of money you hacked is the biggest one in DeFi history. Law enforcement in any country will regard this as a major economic crime and you will be pursued.” The letter also urged them to return the assets, and the recovery began a few hours later.

The stolen assets consisted of $273 million of Ethereum tokens, $253 million in tokens on Binance Smart Chain and $85 million in USDC of the Poly Network.

SlowMist, a blockchain security company, said that it had tracked the ID and email address of the hacker and that further investigation was in progress. It also said that the attackers had used the Chinese crypto exchange Hoo for the attack, which later became the clue that investigators used to track the hackers.

On 11 August 2021, a blockchain analyst said that the hackers had started returning the stolen digital coins worth $600 million. On the same day, the attackers sent the message “Ready to return the fund!” in an Ethereum transaction that was sent from the Poly Network address to itself. This was followed by another message: “Failed to contact the Poly. I need a secured multi-sig wallet from you.” A few minutes later, the Poly Network team replied to the attacker that they were creating a multisig address and would send it soon.

Public blockchain records and crypto tracking company Elliptic indicated that more than $4.8 million had been returned as of 7 am London time and around $258 million by late afternoon, with more recovery expected. The company said that almost a third of the total coins had been returned to Poly Network.

Interestingly, a few minutes before returning the first transaction, the hacker said that he was ready to surrender and sent the created token to Poly Network.

According to Tom Robinson, Elliptic co-founder, “the extraordinary move could have been prompted by the headaches of laundering stolen crypto on such a scale. Poly Network did not respond to requests for further details about the heist or the return of the funds. It was not immediately clear where the platform is based, or whether any law enforcement agency was investigating the heist.”

Furthermore, Robinson said, “There’s so much public attention on this, and exchanges will be on the lookout for customer deposits linked to this theft.”