DeFi is recovering from a huge blow - hundreds of millions have disappeared
The cryptocurrency market has been prone to the theft of funds through various hacks since its inception. This is mainly since this is a young industry that is constantly and extremely fast developing. Some applications, platforms and protocols enter the market without thorough testing and this creates space for attackers. At the same time, we are talking about one of the fastest-growing markets ever, and along with the rise in the prices of individual cryptocurrencies, the motivation of hackers is also rising.
Just a few days ago, one of the largest crypto hacks in history took place. The attacker targeted Poly Network and stole about $ 611 million. We can take this as a record, as a total of $ 550 million disappeared in the biggest hack in 2018. The attack on the Poly Network project is the largest in decentralized finances to date, increasing the total value of stolen funds to $ 1.1 billion this year. This value has already exceeded ten times the total losses caused by hacker attacks last year. The value was distributed between 3 blockchains - Ethereum ($ 273 million), Binance Smart Chain ($ 253 million) and Polygon ($ 85 million).
According to data on the Poly Network website, this is a protocol that is designed to run on multiple blockchains and perform transactions with their decentralized exchanges. They focus on borrowing funds and other services based on stablecoin technology. The platform interacts with multiple blockchains - Bitcoin, Ethereum, Binance Smart Chain, Ontology, Elrond, Zilliqa and others.
The hacker claims that the return of funds was planned from the beginning
The hack took place in a trading pool built in collaboration with O3 Labs, called O3 Swap. According to Igor Igamberdiev from The Block Research, the main cause of the security breach was a flaw in cryptography, which is quite unusual. The Poly Network team said that after a preliminary investigation of the incident, they managed to discover a vulnerability in their system, which offered the hacker the opportunity.
Despite the fact that the hacker managed to successfully transfer the stolen funds, he can enjoy them with big problems. He tried to "wash" some of them, for example through the Curve protocol and others. However, some of these transactions were unsuccessful as Tether added USDTs to the blacklist, making them virtually unusable. The hacker was even advised by a member of the community called "Hanashiro.eth" and he received 13.37 ETH worth about $ 42,000 as a reward. This rather strange initiative was subsequently joined by many other people who advise the hacker and refer to him as "Etherhood" in the posts.
The bad news for the attacker is the information that SlowMist has reported that they can trace his identity and have his email address, IP address and fingerprint. They want to provide the mentioned data and thus contribute to the detection of the hacker. Interestingly, Poly Network was able to contact the hacker through messages recorded in Ethereum transactions. Messages have informed him that his actions will be considered a serious economic crime in every country and will be prosecuted.
It seems that all the mentioned facts took over and to the surprise of all the hacker responded to the message in the same way. He wrote in his statement that if he moved the remaining shitcoins, it would be a billion-dollar hack. He claims that his intention was only to reveal the vulnerability and that, in fact, he is not interested in the funds at all. He declared that it was not an inside job and, on the contrary, he wanted to prevent it from similarly stealing by Poly Network or other entities in the future.
The hacker gradually began to return the stolen funds, and Poly Network has already confirmed that most of them have returned. The media report claims that he was offered a reward of $ 500,000 for returning the cryptocurrencies, which he refused. The company also wanted to agree with the attacker on "impunity" in the return of funds, and they were promised that they would not search for his identity. This offer is quite dubious, because the search for criminals is, of course, primarily a matter for law enforcement agencies, and they are certainly not interested in the gentlemen's agreement between the hacker and the Poly Network.