Explainer: How hackers stole $600 mln in crypto tokens from Poly Network


Reuters 12 August, 2021 - 09:43am

Can Bitcoin be hacked?

Bitcoin transactions are recorded in a digital ledger called a blockchain. Blockchain technology and users' constant review of the system have made it difficult to hack bitcoins. Hackers can steal bitcoins by gaining access to bitcoin owners' digital wallets.

Investopedia: Can Bitcoin Be Hacked? - Cryptocurrency


Polynetwork says crooks have returned some of $610m hack haul after Twitter plea

Finextra 12 August, 2021 - 12:20pm

We are aware of the https://t.co/IgGJ0598Q0 exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can. Stay #SAFU. 🙏 https://t.co/TG0dKPapQT


$600M gone: The biggest crypto theft in history

KSL.com 12 August, 2021 - 12:20pm

For example, a customer could use Poly Network to transfer tokens such as bitcoin from the Ethereum blockchain to the Binance Smart Chain, perhaps looking to access a specific application.

It was not immediately clear from Poly Network’s website where the platform is based or who runs it. According to specialist crypto website Coindesk, Poly Network was launched by the founders of Chinese blockchain project Neo.

Poly Network operates on the Binance Smart Chain, Ethereum and Polygon blockchains. Tokens are swapped between the blockchains using a smart contract which contains instructions on when to release the assets to the counterparties.

One of the smart contracts that Poly Network uses to transfer tokens between blockchains maintains large amounts of liquidity to allow users to efficiently swap tokens, according to crypto intelligence firm CipherTrace.

Poly Network tweeted on Tuesday that a preliminary investigation found the hackers exploited a vulnerability in this smart contract.

According to an analysis of the transactions tweeted by Kelvin Fichter, an Ethereum programmer, the hackers appeared to override the contract instructions for each of the three blockchains and diverted the funds to three wallet addresses, digital locations for storing tokens. These were later traced and published by Poly Network.

The attackers stole funds in more than 12 different cryptocurrencies, including ether and a type of bitcoin, according to blockchain forensics company Chainalysis.

A person claiming to have perpetrated the hack said they had spotted a “bug,” without specifying, and that they wanted to “expose the vulnerability” before others could exploit it, according to digital messages posted on the Ethereum network published by Chainalysis. Reuters could not verify the authenticity of the messages.

As of late Wednesday, the hackers had returned $260 million of the assets, Poly Network said, but $353 million was outstanding. It is unclear where the remaining assets have gone.

Coindesk reported on Tuesday that the hackers had tried to transfer assets including tether tokens from one of the three wallets into liquidity pool Curve.fi, but that transfer was rejected. About $100 million has been moved out of another of the wallets and deposited into liquidity pool Ellipsis Finance, Coindesk also reported.

Curve.fi and Ellipsis Finance could not immediately be reached for comment.

The hacker or hackers have not yet been identified.

Cryptocurrency security firm SlowMist said on its website that it has identified the attacker’s mailbox, internet protocol address, and device fingerprints, but the company has not yet named any individuals. SlowMist said the heist was “likely to be a long-planned, organized and prepared attack.”

Despite the purported hacker posing as a so-called “white hat”, an ethical hacker who aimed to identify the vulnerability for Poly Network and had “always” planned to give the money back, according to the messages published by Chainalysis, some crypto experts are skeptical.

Gurvais Grigg, chief technology officer at Chainalysis and former FBI veteran, said it was unlikely that white hat hackers would steal such a large sum. He said they had probably returned some of the funds because it had proved too difficult to convert them into cash.

“It’s hard to know the motivation ... Let’s see if they return the whole amount,” he added.

Reporting by Michelle Price in Washington and Gertrude Chavez-Dreyfuss in New York; editing by Richard Pullin


$600M Crypto Hacker Compares Themselves to Batman

Tom's Hardware 12 August, 2021 - 09:52am

But they sound more like The Joker

A transaction logged by Etherscan, which provides a one-click tool that can be used to view the transaction's input data as plain text, contained the following message (which we've converted from all-caps to sentence case for legibility's sake):

"To crypto noobs: in the defi world, code is law. Then who is the arbitrator? We, the hackers, are the armed forces. If you are given weapons and guarding billions from the crowd while being _anonymous_, will you be a terrorist or the batman?"

The hacker also shared messages intended for supporters who sent cryptocurrency to them, people asking them for some of their haul, and decentralized finance and security noobs in addition to their back-and-forth with Poly Network itself.
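The messages described above travel in a transaction's input-data field, the same field that normally carries contract calls. As an added example (not code from the article or from Etherscan), the sketch below shows how an analyst might separate text messages from contract calls and restore sentence case. The function names and sample transactions are constructed for illustration; the all-caps sample is rebuilt from the article's quoted text.

```python
import re

def classify_input_data(hex_data, min_text_ratio=0.95):
    """Return (kind, detail) for a transaction's input-data hex string."""
    body = hex_data[2:] if hex_data[:2].lower() == "0x" else hex_data
    try:
        raw = bytes.fromhex(body)
    except ValueError:
        return ("unknown", "not valid hex")
    if not raw:
        return ("empty", "")  # plain value transfer, no data attached
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = None
    if text is not None:
        ok = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
        if ok / len(text) >= min_text_ratio:
            return ("message", text)
    # Contract call layout: 4-byte function selector, then 32-byte ABI words.
    if len(raw) >= 4 and (len(raw) - 4) % 32 == 0:
        return ("call", "0x" + raw[:4].hex())
    return ("unknown", f"{len(raw)} bytes")

def sentence_case(text):
    """Lower-case an all-caps message, capitalising each sentence start."""
    return re.sub(r"(^|[.?!]\s+)([a-z])",
                  lambda m: m.group(1) + m.group(2).upper(), text.lower())

def extract_messages(transactions):
    """Return (label, readable text) for every transaction carrying a message."""
    found = []
    for tx in transactions:
        kind, detail = classify_input_data(tx["input"])
        if kind == "message":
            found.append((tx["label"], sentence_case(detail)))
    return found

# Constructed sample transactions (labels and data are illustrative only).
ALL_CAPS = "TO CRYPTO NOOBS: IN THE DEFI WORLD, CODE IS LAW. THEN WHO IS THE ARBITRATOR?"
SAMPLE_TXS = [
    {"label": "tx-1", "input": "0x"},                            # plain transfer
    {"label": "tx-2", "input": "0x" + ALL_CAPS.encode().hex()},  # text message
    # ERC-20 transfer(address,uint256) call: selector a9059cbb plus two ABI words
    {"label": "tx-3", "input": "0xa9059cbb" + "00" * 12 + "11" * 20 + "00" * 31 + "01"},
]

if __name__ == "__main__":
    for label, message in extract_messages(SAMPLE_TXS):
        print(label, message)
```
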

Poly Network responded with an offer of a security bounty in exchange for the remaining assets, but the hacker said, "what if I make a new token and let the [Decentralized Autonomous Organization] decide where the tokens go" in response.

That's when Poly Network tried another tack with the security bounty: "The decision made by DAO can't changed [sic] the fact that the assets are stolen from crypto believers," the company said. "We want to offer a security bounty and we hope it will be remembered as the biggest white hat hack in the history."

But the hacker didn't want that. "It's already a legend to win so much fortune," they said. "It will be an eternal legend to save the world. I made the decision, no more DAO." (Which, admittedly, reads better in the original all-caps message.)

The messages continued from there. So far, the hacker's returned $342 million of their stolen funds, according to Poly Network, which said this morning that the remaining $268 million worth of cryptocurrency is on the Ethereum blockchain.
