Decentralized Finance or DeFi has just witnessed one of the largest synchronized and sophisticated attacks. Hackers successfully transferred cryptocurrencies, which include Binance Chain, Ethereum, and Polygon tokens, into their own crypto wallets.
Although the exact estimate isn’t yet ascertained, decentralized cross-chain protocol and network, PolyNetwork, has apparently lost more than $600 Million. This cryptocurrency theft might be the largest yet.
The cost of Poly Network exploitation has been the largest compared to the others up until now. pic.twitter.com/cshaHaXwXA
— Coin98 Analytics (@Coin98Analytics) August 10, 2021
Largest DeFi attack successfully hacks crypto broker and transfer thousands of digital tokens:
PolyNetwork has confirmed that it was a victim of a major attack. Attackers successfully compromised defenses, infiltrated the cryptocurrency holding vault. The as-yet-unknown hacker group has successfully transferred Binance Chain, Ethereum, and Polygon assets into their wallets.
Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker's following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71— Poly Network (@PolyNetwork2) August 10, 2021
There is no definite value of the assets yet, and it might change as trading progresses. However, reports claim the value of stolen assets to be at least $611 million. This invariably makes the attack on PolyNetwork the largest on any DeFi network, yet.
It is important to note that multiple blockchain providers, namely, Neo, Ontology, and Switcheo, had jointly created PolyNetwork. The primary intention behind the platform was to enable users to exchange tokens across different crypto platforms, including Bitcoin and Ethereum.
The largest DeFi hack in history just took place on the Poly Network.
Ethereum – $273M
Binance Smart Chain – $253M
Polygon – $85MWe'll keep you updated as we learn more.
— Yano (@JasonYanowitz) August 10, 2021
According to preliminary analysis, the hackers successfully stole the following assets:
- Ethereum tokens: $273 million
- Binance Smart Chain: $253 million
- Polygon Network (in USDC): $85 million
The cryptocurrency community could help in ensuring hackers do not attempt such attacks in the future:
As multiple reports indicate, hackers have successfully transferred the digital tokens into their wallets. This essentially means the attackers possess the decentralized cryptocurrency.
Although the attackers possess the crypto coins, the cryptocurrency community can make it quite difficult or perhaps impossible even, to liquidate the stolen assets.
Punk 3100 bought for 42,000 ETH ($130,796,820 USD) by 0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963 (PolyNetwork Exploiter) from 0x7b8961. https://t.co/4tqKt8PgGl #cryptopunks #ethereum pic.twitter.com/b8fC2CqWK5
— CryptoPunks Bot | Daily Sales Updates (@0xCiniz) August 10, 2021
Centralized stablecoin provider Tether has blacklisted the USDT on Ethereum. The platform has blacklisted about $33 Million worth of tokens on its network.
Other cryptocurrencies could soon follow Tether’s example and blacklist the stolen assets. Simply put, these leading crypto-coin managers hold the power to refuse to deal with the stolen assets.
The #PolyNetwork hack is possibly the largest crypto hack so far. Is the root cause due to a *SINGLE* compromised signer key? Here is the hack flow!!! pic.twitter.com/GphK5e7Its
— PeckShield Inc. (@peckshield) August 10, 2021
Such a stance should make it extremely difficult for the hackers to offload or liquidate a large portion of the Binance Chain, Ethereum, and Polygon tokens. The group could sell the stolen cryptocurrencies to small groups or individuals. However, it would take a long time, and the chances of getting caught would increase.
We are aware of the https://t.co/IgGJ0598Q0 exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can. Stay #SAFU. 🙏 https://t.co/TG0dKPapQT
— CZ 🔶 Binance (@cz_binance) August 10, 2021
Speaking of getting caught, it would be interesting to see how law enforcement reacts to the largest cryptocurrency theft. In addition to blacklisting the stolen tokens, PolyNetwork also confirmed it is seeking legal action.
“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses. We will take legal actions and we urge the hackers to return the assets”
Imagine successfully stealing over $600m and have the people you stole from think there's a chance you might be willing to return it with what amounts to a passive-aggressive post-it note on the fridge.#PolyNetwork 🤣 pic.twitter.com/DXnUvYIErr
— Rick (WARNING: may contain traces of irony & puns) (@flippantflaneur) August 10, 2021
Blockchain security firm SlowMist claims it was able to trace the attacker’s ID. The firm also added it has identified the attacker’s email address, IP address, and device fingerprint.
SlowMist claims the attacker transacted in Monero (XMR) originally and exchanged the funds later for BNB, ETH, MATIC, and other tokens used to fund the attack.