Explainer: How hackers stole $613 million in crypto tokens from Poly Network

Reuters 12 August, 2021 - 12:16am

How do hackers steal Cryptocurrency?

Bitcoin is a decentralized digital currency that uses cryptography to secure transactions. ... Hackers can steal bitcoins by gaining access to bitcoin owners' digital wallets.

Investopedia: Can Bitcoin Be Hacked? - Cryptocurrency

For example, a customer could use Poly Network to transfer tokens such as bitcoin from the Ethereum blockchain to the Binance Smart Chain, perhaps looking to access a specific application.

It was not immediately clear from Poly Network’s website where the platform is based or who runs it. According to specialist crypto website Coindesk, Poly Network was launched by the founders of Chinese blockchain project Neo.

Poly Network operates on the Binance Smart Chain, Ethereum and Polygon blockchains. Tokens are swapped between the blockchains using a smart contract which contains instructions on when to release the assets to the counterparties.

One of the smart contracts that Poly Network uses to transfer tokens between blockchains maintains large amounts of liquidity to allow users to efficiently swap tokens, according to crypto intelligence firm CipherTrace.

Poly Network tweeted on Tuesday that a preliminary investigation found the hackers exploited a vulnerability in this smart contract.

According to an analysis of the transactions tweeted by Kelvin Fichter, an Ethereum programmer, the hackers appeared to override the contract instructions for each of the three blockchains and diverted the funds to three wallet addresses, digital locations for storing tokens. These were later traced and published by Poly Network.

The attackers stole funds in more than 12 different cryptocurrencies, including ether and a type of bitcoin, according to blockchain forensics company Chainalysis.

A person claiming to have perpetrated the hack said they had spotted a “bug,” without specifying, and that they wanted to “expose the vulnerability” before others could exploit it, according to digital messages posted on the Ethereum network published by Chainalysis. Reuters could not verify the authenticity of the messages.

As of late Wednesday, the hackers had returned $260 million of the assets, Poly Network said, but $353 million was outstanding. It is unclear where the remaining assets have gone.

Coindesk reported on Tuesday that the hackers had tried to transfer assets including tether tokens from one of the three wallets into liquidity pool Curve.fi, but that transfer was rejected. About $100 million has been moved out of another of the wallets and deposited into liquidity pool Ellipsis Finance, Coindesk also reported.

Curve.fi and Ellipsis Finance could not immediately be reached for comment.

The hacker or hackers have not yet been identified.

Cryptocurrency security firm SlowMist said on its website that it has identified the attacker’s mailbox, internet protocol address, and device fingerprints, but the company has not yet named any individuals. SlowMist said the heist was “likely to be a long-planned, organized and prepared attack.”

Despite the purported hacker posing as a so-called “white hat”, an ethical hacker who aimed to identify the vulnerability for Poly Network and had “always” planned to give the money back, according to the messages published by Chainalysis, some crypto experts are skeptical.

Gurvais Grigg, chief technology officer at Chainalysis and former FBI veteran, said it was unlikely that white hat hackers would steal such a large sum. He said they had probably returned some of the funds because it had proved too difficult to convert them into cash.

“It’s hard to know the motivation ... Let’s see if they return the whole amount,” he added.

Reporting by Michelle Price in Washington and Gertrude Chavez-Dreyfuss in New York; editing by Richard Pullin


Huge crypto exchange hack sees $600m stolen

Infosecurity Magazine 11 August, 2021 - 02:52pm

Experts believe heist was made possible through a rare cryptography issue


According to The Block, since the theft, Tether has blacklisted about $33 million of the USDT that was stolen in the attack.

Meanwhile, Poly Network threatened the hackers with legal action, urging them to return the loot, even as other members in the DeFi space offered their assistance.

The Block suggests the hackers exploited a “cryptography issue,” which it added was a rarity without going into much detail.

Noting the impact of the hack on the wider cryptocurrency ecosystem, The Block shared that following the announcement, trading pool O3, which uses Poly Network for its operations, was forced to suspend its cross-chain functionality.
