In the past forty-eight hours, the cross-chain decentralized finance (DeFi) solution Poly Network was hacked to the tune of over $600 million.
Poly Network, created by the founder of NEO, discovered three wallet addresses the hackers used to siphon funds.
It seems the hacker is a white hat (one driven by ethics), as they returned several sums to Poly Network.
That was, of course, after the Poly Network team made several calls on Twitter for key actors within the cryptocurrency community to blacklist the wallets the hackers used.
Assets involved include $BUSD $BTCB $ETHB $BNB.
BSC:0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses. @PaxosGlobal @BinanceChain @binance
— Poly Network (@PolyNetwork2) August 10, 2021
The Poly Network Attack Took Careful Planning
From the nature of the attack, the Poly Network hack took a lot of planning and peering into the smart contracts that govern the Poly Network.
The hack involved exploiting a specific loophole.
After preliminary investigation, we located the cause of the vulnerability. The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumored.
— Poly Network (@PolyNetwork2) August 10, 2021
This loophole has more to do with transaction execution than with other operations.
It raises questions about the various security audits and other practices that protect the cryptocurrency space from such attacks.
It also means that Poly Network’s internal security policies failed to spot the loophole that was used by the
It Could Be the Largest Cryptocurrency Hack in History
Going by the precedent of earlier hacks, this is currently the biggest heist in the history of the cryptocurrency space.
It comes at a time when cryptocurrencies and their underlying technologies are becoming a part of popular culture.
They are receiving mainstream attention from the general public.
It points to the fact that cross-chain applications are the soft underbelly of the decentralized finance (DeFi) space. They could be the new focal point for fresh attacks after the flash loan hacks that took the world by storm last year.
The Cryptocurrency Space Steps In
Tether CTO Paolo Ardoino had already indicated yesterday on Twitter that his team froze $33 million.
. @Tether_to just froze ~33M $USDt on 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 as part of the #PolyNetwork hack https://t.co/EviPTAkQJD
— Paolo Ardoino 🍐 (@paoloardoino) August 10, 2021
For his part, Changpeng “CZ” Zhao indicated the Binance team is aware of the attack and is doing all it can to help.
We are aware of the https://t.co/IgGJ0598Q0 exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can. Stay #SAFU. 🙏 https://t.co/TG0dKPapQT
— CZ 🔶 Binance (@cz_binance) August 10, 2021
It shows that self-regulation and policing could help stem the tide of such attacks if the attackers are aware of such consequences.
However, total cooperation from the other members of the cryptocurrency space may be far-fetched for now, as many complexities exist in implementing such industry-wide practices.
What’s Next for Poly Network?
As the world watches the cryptocurrency space in fascination, Poly Network and other cross-chain services like it are in for a hot summer, as other attacks are likely to follow.
On their own, distributed ledgers are secure.
However, cross-chain services and exchanges can be insecure, as there are many complexities to consider when securing such services.
Then again, this could be a field day for cryptocurrency insurance.
For now, the Poly Network events are still unfolding.