Cybercriminals were able to successfully steal over $600 million in cryptocurrency from the decentralized finance (DeFi) platform Poly Network—one of the largest crypto thefts of all-time.
After learning of the attack, the company put out the following tweet, asking the hackers to return the stolen assets:
Poly Network says Ethereum, Binance, and Polygon assets were stolen and transferred to three different wallet addresses:
- ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
- BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
- Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214
The blockchain-based platform has called upon cryptominers to blacklist exchanges from these addresses and has warned it will be taking legal action.
As for how hackers were able to pull off a heist of this magnitude, a Poly Network spokesperson explained the attack vector used:
"The hacker exploited a vulnerability, which is the _executeCrossChainTx function between contract calls. Therefore, the attacker uses this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract.
It is not the case that this event occurred due to the leakage of the keeper's private key."
With a hack of this scale and the threat of legal action, would the hackers heed the warnings of Poly Networks and return what was stolen?
Hackers return half of stolen cryptocurrencies
Apparently, the hackers were a bit skittish after reading Poly Network's tweets, as they have begun to return some of the stolen assets.
After posting addresses for where the stolen cryptocurrency could be returned, Poly shared an update on the situation:
$260 million (As of 11 Aug 04:18:39 PM +UTC) of assets had been returned:— Poly Network (@PolyNetwork2) August 11, 2021
The remainings are $269M on Ethereum, $84M on Polygon
Will the hackers stop there, or will they return the remaining assets, as well?
Crypto leaders respond to cyber heist
With $600 million possibly on the line in a case like this, many leaders in the cryptocurrency space took notice and are encouraging each other to do whatever they can.
The CEO of Binance, Changpeng Zhao, took to Twitter to share his thoughts on the situation:
"We are aware of the poly.network exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can."
Meanwhile, another Binance spokesperson said this:
"We request Binance Smart Chain protocols and users to take security extremely seriously. We are aware of the Poly-exploit that has affected Ethereum, Polygon and BSC users.
Recently, several trustless bridges have become victims of such critical attacks and we recommend security audits and necessary due diligence prior to interacting with any projects. The investigation is still ongoing, we are coordinating with all our security partners to provide as much support as we can."
In another tweet, Jay Hao, CEO of Malta-based cryptocurrency exchange OKEx said:
".@OKEx is already on the case. We're watching the flow of coins, and will do our best to manage the situation."
As for why the hackers decided to return a portion of their looting, Tom Robinson, Chief Scientist of blockchain analytics firm Elliptic, discusses a few possibilities:
"I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics.
In this case the hacker concluded that the safest option was just to return the stolen assets."
For more information and any updates on this situation, follow @PolyNetwork2 on Twitter.