More than $600 million stolen in what is likely to be one of the biggest cryptocurrency thefts ever


CNBC 11 August, 2021 - 12:33am 69 views

What is poly network?

Poly Network allows users to swap tokens across different blockchains. The stolen funds amount to more than the criminal losses registered by the entire DeFi sector from January to July of a record $474 million, according to a report from crypto intelligence company CipherTrace published on Tuesday. Yahoo FinanceDeFi platform Poly Network reports hacking, loses estimated $600 million

More than $600 million has been stolen in what's likely to be one of the biggest cryptocurrency thefts ever.

Hackers exploited a vulnerability in Poly Network, a platform that looks to connect different blockchains so that they can work together.

Poly Network disclosed the attack on Twitter and asked to establish communication with the hackers, and urged them to "return the hacked assets."

A blockchain is a ledger of activities upon which various cryptocurrencies are based. Each digital coin has its own blockchain and they're different to each other. Poly Network claims to be able to make these various blockchains work with each other.

Poly Network is a decentralized finance platform. DeFi is a broad term encompassing financial applications based on blockchain technology that looks to cut out intermediaries — such as brokerages and exchanges. Hence, it's dubbed decentralized.

Proponents say this can make financial applications such as lending or borrowing more efficient and cheaper.

"The amount of money you hacked is the biggest in defi history," Poly Network said in another tweet.

Once the hackers stole the money, they began to send it to various other cryptocurrency addresses. Researchers at security company SlowMist said a total of more than $610 million worth of cryptocurrency was transferred to three different addresses.

Poly Network urged cryptocurrency exchanges to "blacklist tokens" coming from the addresses that were linked to the hackers.

About $33 million of Tether that was part of the theft has been frozen, according to the stablecoin's issuer.

Meanwhile, Changpeng Zhao, CEO of major cryptocurrency exchange Binance, said he was aware of the attack.

He said Binance is "coordinating with all our security partners to proactively help," but that "there are no guarantees."

"We will take legal actions and we urge the hackers to return the assets," Poly Network said on Twitter.

SlowMist said in a tweet that their researchers had "grasped the attacker's mailbox, IP, and device fingerprints" and are "tracking possible identity clues related to the Poly Network attacker."

The researchers concluded that the theft was "likely to be a long-planned, organized and prepared attack."

DeFi has become a key target for attacks.

Since the start of the year until July, DeFi-related hacks totaled $361 million — an increase of nearly three times from the whole of 2020, according to cryptocurrency compliance company CipherTrace.

DeFi-related fraud is also on the rise. In the first seven months of the year, they accounted for 54% of total crypto fraud volume versus 3% for all of last year.

Got a confidential news tip? We want to hear from you.

Sign up for free newsletters and get more CNBC delivered to your inbox

Get this delivered to your inbox, and more info about our products and services. 

Data is a real-time snapshot *Data is delayed at least 15 minutes. Global Business and Financial News, Stock Quotes, and Market Data and Analysis.

Read full article at CNBC

Plot Twist: The $600M PolyNetwork Hacker 'is Ready To Return The Funds'

CryptoPotato 11 August, 2021 - 02:28am

Your browser is ancient! Upgrade to a different browser or install Google Chrome Frame to experience this site.

The hacker behind the PolyNetwork attack has publicly stated that he is ready to return the funds.

The drama with the largest DeFi hack worth more than $600 million has taken another turn. After the perpetrator dabbled with potentially allowing a DAO to decide where the funds will go, he actually noted that he is ready to return them.

Sign-up FREE to receive our extended weekly market update and coin analysis report

A Person Behind $611M DeFi Hack Reveals Their Identity In Careless Mistake | Benzinga

Benzinga 10 August, 2021 - 08:38pm

What Happened: DeFi protocol Poly Network reported a total loss of over $611 million in an exploit earlier today, making it the biggest hack in DeFi history to date.

— Poly Network (@PolyNetwork2) August 10, 2021

The project notified users on Twitter that the compromised funds had been transferred to two wallet addresses on Ethereum (CRYPTO: ETH) and Polygon (CRYPTO: MATIC).

“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses,” stated the project.

“We will take legal actions and we urge the hackers to return the assets.”

The stolen assets consisted of $273 million of Ethereum tokens, $253 million in tokens on Binance Smart Chain, and $85 million in USDC on the Polygon network.

O3 swap, a cross-chain liquidity aggregator and partner project was also involved in the exploit, losing $250 million funds as a result of its cross-chain bridge with Poly Network.

Both projects were launched behind the developers of the NEO (CRYPTO: NEO) blockchain, which has often been likened to the Chinese version of Ethereum.

Reports of a potential exploit first emerged when users of O3 Swap reported being unable to deposit and withdraw funds on the cross-link O3 Hub.

O3 Swap has now suspended its cross-chain services, according to an update from its Twitter account.

The Hacker: At the time of writing, blockchain security firm Slowmist said it had tracked down the attackers’ identity, email address, IP address, and fingerprints.

According to Slowmist, the attackers’ funds were funded by trading the privacy coin Monero (CRYPTO: XMR) for Binance Coin (CRYPTO: BNB), Ethereum, Polygon, and other tokens.

Click here, or sign up for our newsletter to explore more of Benzinga's Cryptocurrency market coverage, in-depth coin analysis, data, and reporting.

© 2021 Benzinga does not provide investment advice. All rights reserved.

Read the Latest Sports Betting News, Analysis, and Odds on Benzinga!

$27 of crypto when you complete education

$25 in BTC when you deposit $100

4 free stocks when you depost $100

© 2021 Benzinga | All Rights Reserved

$611 million in cryptocurrencies stolen in massive hack

Bloomberg 10 August, 2021 - 11:16am

The network tweeted the news and urged exchanges to block all of the funds that were taken.

"We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses," it tweeted, providing three addresses that it says the assets have been transferred to.

Poly Network swaps tokens across different blockchains, including Etereum and Ontology, as well as the blockchain for bitcoin. It was formed by an alliance between the teams behind multiple blockchain platforms, namely Neo, Ontology and Switcheo, according to The Block.

According to Cryptonews, $273 million in assets was taken in Ethereum tokens, $253 million in tokens on Binance Smart Chain and $85 million in U.S. Dollar Coin (USDC) tokens on the Polygon network.

"We will take legal actions and we urge the hackers to return the assets," Poly Network tweeted in a thread.

Some believe this attack is the largest hack ever seen in the cryptocurrency space.

The Chinese community believes that this may be the largest DeFi attack in history.

Since the attack, Tether, a form of stablecoin, managed to freeze roughly $33 million in tokens.

"We are aware of the exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can," tweeted Changpeng Zhao, CEO of Binance, a cryptocurrency exchange.

The hack, according to The Block, forced O3, a trading pool that uses Poly Network to trade tokens among different blockchains, to suspend its cross-chain functionality.

Researchers suspect that the cause of the hack was a cryptography issue, which is rare in other instances of hacking. The attack on Poly Network may have been similar to the Anyswap exploit, an attack in July that saw $7.9 million stolen when a hacker reversed the private key.

A report from Reuters said that the DeFi sector of cybercrime registered losses of $474 million from January to July of this year.

"Just eight months into 2021 and DeFi hacks, thefts and frauds have already surpassed the total DeFi crimes from 2020," Dave Jevans, CipherTrace's chief executive officer, told Reuters. "This means regulators around the globe are paying closer attention to DeFi specifically."

Many DeFi applications run on the Ethereum blockchain, and the industry is seeing both an expansion and improved security infrastructure. Jevans said that expansion was sure to attract more crime.

"It shouldn't come as a surprise that as the DeFi ecosystem expands, so are DeFi crimes," he said.

Newsweek reached out to CipherTrace for additional comment but did not hear back before publication.

Sign-up to our daily newsletter for more articles like this + access to 5 extra articles

Daily news headlines & detailed briefings enjoyed by half a million readers.

Cross-Chain DeFi Site Poly Network Hacked; Hundreds of Millions Potentially Lost - CoinDesk

CoinDesk 10 August, 2021 - 08:56am

DeFi platform Poly Network was attacked on Tuesday, with the alleged hacker draining roughly $600 million in crypto.

Cross-chain decentralized finance (DeFi) platform Poly Network was attacked on Tuesday, with the alleged hacker draining roughly $600 million in crypto.

Poly Network, a protocol launched by the founder of Chinese blockchain project Neo, operates on the Binance Smart Chain, Ethereum and Polygon blockchains. Tuesday’s attack struck each chain consecutively, with the Poly team identifying three addresses where stolen assets were transferred.

At the time that Poly tweeted news of the attack, the three addresses collectively held more than $600 million in different cryptocurrencies, including USDC, wrapped bitcoin, wrapped ether and shiba inu (SHIB), blockchain scanning platforms show.

“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses,” the Poly team tweeted.

The $600 million figure would place the Poly Network hack among the largest in crypto history.

Tether froze approximately $33 million in relation to the hack, Tether CTO Paolo Ardoino tweeted.

About one hour after Poly announced the hack on Twitter, the hacker tried to move assets including USDT through the Ethereum address into liquidity pool, records show. The transaction was rejected.

Meanwhile, close to $100 million has been moved out of the Binance Smart Chain address in the past 30 minutes and deposited into liquidity pool Ellipsis Finance.

The Poly team could not be reached for comment at the time of publication.

Poly Network was the second Chinese interoperability protocol to be featured on the government-backed Blockchain-based Service Network.

BlockSec, a China-based blockchain security firm, said in an initial attack analysis report that the hack may be triggered by the leak of a private key that was used to sign the cross-chain message.

But it also added that another possible reason is a potential bug during Poly’s signing process that may have been “abused” to sign the message.

According to another China-based blockchain security firm, Slowmist, the attackers’ original funds were in monero, a privacy-centric cryptocurrency, and were then exchanged for BNB, ETH, MATIC and a few other tokens. 

The attackers then initiated the attacks on Ethereum, BSC and Polygon blockchains. The finding was supported by Slowmist’s partners, including China-based exchange Hoo.

“Based on the flows of the funds and multiple fingerprint information, it is likely a long-planned, organized, and well-prepared attack,” Slowmist wrote.

In a response to the attack, a spokesperson from Binance Smart Chain told CoinDesk that as a “decentralized” blockchain, protocols and users on BSC need to take security measures “extremely seriously.”

“We are aware of the Poly exploit that has affected Ethereum, Polygon and BSC users,” the spokesperson said. “Recently, several trustless bridges have become victims of such critical attacks and we recommend security audits and necessary due diligence prior to interacting with any projects.”

The spokesperson said BSC is currently working with its security partners to provide as much support as possible to the ongoing investigation.

The Poly Network incident shows how nascent cross-chain protocols are particularly vulnerable to attacks. In July, cross-chain liquidity protocol Thorchain suffered two exploits in two weeks. Rari Capital, another cross-chain DeFi protocol, was hit by an attack in May, losing funds worth nearly $11 million in ETH.

“As evidenced by all the exploits we’ve seen, cross-chain is a very hard area … with the added complexity of connections with every other chain and all their idiosyncrasies,” Ryan Watkins, a research analyst at blockchain data firm Messari, said.

Business Stories