Poly Network Says $600 Million in Cryptocurrency StolenPlatform Communicates With Hacker, Who Begins Returning Funds
This story has been updated.
A hacker breached the blockchain-based Poly Network platform to steal more than $600 million in cryptocurrency, the platform announced Tuesday. But Wednesday, it appeared the hacker had returned some of the stolen assets.
Poly Network, launched by the founder of Chinese blockchain project Neo, announced the incident in a series of tweets, saying: "We are sorry to announce that #PolyNetwork was attacked on @BinanceChain, @ethereum and @0xPolygon."
The platform says stolen assets were reportedly transferred to the following addresses:
- Ethereum: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963;
- Binance: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71;
- Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214.
Poly Network, which allows users to swap tokens across blockchains, says a hacker struck the chains consecutively, stealing more than $600 million in cryptocurrencies.
In making its announcement, Poly Network tweeted: "We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the [aforementioned] addresses." The platform also wrote: "We will take legal actions and we urge the hackers to return the assets."
In a follow-up post Tuesday addressed to the hacker, Poly Network wrote: "We urge you to return the hacked assets. The amount of money you hacked is the biggest one in the defi history."
It continued: "Law enforcement in any country will regard this as a major economic crime and you will be pursued."
As of Wednesday, the Poly Network hacker had reportedly returned $258 million of the stolen funds, according to London-based blockchain analysis firm Elliptic.
Earlier Wednesday, Poly Network initially confirmed that the hacker had returned at least $4.8 million of the stolen assets.
The hacker's return of funds "demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of analytics," says Tom Robinson, co-founder and chief scientist at Elliptic. "In this case, the hacker concluded that the safest option was just to return the stolen assets."
According to the blockchain firm, the hacker has also posted a Q&A in an ethereum message, calling the Poly Network "a decent system" and "one of the most challenging attacks." The hacker claims to have used a temporary and "untraceable" email and IP address.
A Poly Network spokesperson tells ISMG that "the hacker exploited a vulnerability, which is the _executeCrossChainTx function between contract calls. Therefore, the attacker uses this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract.
"It is not the case that this event occurred due to the leakage of the keeper's private key," the spokesperson adds.
Cross-chain lending protocol Flux also took to Twitter on Wednesday, telling the alleged Poly Network hacker, "Instead of exploiting, become a #whitehat #hacker, as you're important to the future of decentralization for making it more secure and to increase mass acceptance of #blockchain & #crypto! #hackforgood."
Changpeng Zhao, CEO of the cryptocurrency exchange Binance, wrote on Twitter on Tuesday: "We are aware of the poly.network exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can."
A Binance spokesperson tells ISMG, "We request Binance Smart Chain protocols and users to take security extremely seriously. We are aware of the Poly exploit that has affected Ethereum, Polygon and BSC users.
"Recently, several trustless bridges have become victims of such critical attacks and we recommend security audits and necessary due diligence prior to interacting with any projects," the spokesperson adds. "The investigation is still ongoing, we are coordinating with all our security partners to provide as much support as we can."
Jay Hao, CEO of Malta-based cryptocurrency exchange OKEx, tweeted Tuesday: ".@OKEx is already on the case. We're watching the flow of coins, and will do our best to manage the situation."
Paolo Ardoino, CTO of the Hong Kong-based cryptocurrency exchange Bitfinex, said Tether, a form of stablecoin controlled by Bitfinex, froze $33 million related to the attack.
A spokesperson for Tether tells ISMG: "We can confirm that on Aug. 10, Tether froze $33 million [in assets] on the Ethereum blockchain ... Tether is not involved in the process of identifying the hacker but will, as always, respond to law enforcement requests for assistance."
Blockchain watcher @Hsaka tweeted after the attack that users, including "hanashiro.eth," warned the attacker that tokens had been blacklisted.
SlowMist, a Chinese blockchain security firm, used Twitter on Tuesday to relay its initial findings in the wake of the attack, claiming: "[Our] security team has grasped the attacker's mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker."
In the same thread, the firm claimed that the hacker’s initial source of funds was monero, which was later exchanged for other tokens used to fund the attack.
SlowMist added: "Combining the flow of funds and multiple fingerprint information [that] can be found, this is likely to be a long-planned, organized and prepared attack."
The incident follows a new report from crypto intelligence firm CipherTrace, which said this week that crimes related to decentralized finance, or DeFi, "continue to grow quarter over quarter, with Q2 2021 netting criminals new highs in DeFi-related proceeds. "By July 2021, DeFi-related hacks total $361 million, already making up three-quarters of the total hack volume this year - a 2.7x increase from 2020."
The reported Poly Network attack also comes just a week after U.S. Securities and Exchange Commission Chairman Gary Gensler weighed in on volatile cryptocurrency markets, addressing ongoing concerns raised by risk management and security experts. Gensler called the market "rife with fraud, scams and abuse" (see: PayPal to Hire Dozens of Cryptocurrency Security Experts).