Largest DeFi Hack: $611 Million Stolen from Poly Network

by Arnab Shome
  • The DeFi team has identified three addresses where the stolen funds have been stored.
Largest DeFi Hack: $611 Million Stolen from Poly Network
Bloomberg
Join our Crypto Telegram channel

The vulnerability of Blockchain infrastructure has been highlighted again as $611 million worth of Cryptocurrencies were siphoned from cross-chain protocol, Poly Network on Tuesday, making it one of the largest crypto heists to date.

Launched by the founder of the Chinese blockchain project Neo, Poly Network enables swapping of tokens on the Binance Smart Chain, Ethereum and Polygon blockchains. All three blockchains were targeted on Tuesdays’ attack.

Poly team has identified and published the three addresses where the attackers stored the stolen funds.

Blockchain scanning platform data of the three addresses shows that $273 million in Ether were stolen, along with $253 million in tokens from the Binance Smart Chain and $85 million in USDC on the Polygon network.

Actions After the Hack

The Poly team has already requested miners to block the transactions originating from the three addresses, and the community is following through. Tether has already blacklisted the USDT tokens on Ethereum that constitute roughly $33 million in the stolen proceeds.

“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses,” the Poly team tweeted.

Additionally, Binance CEO Changpeng Zhao assured coordination with Poly, but highlighted that no one controls the blockchains and ‘there are no guarantees'.

Around an hour after the attack, the hackers tried to move cryptos including USDT through the ETH address in liquidity pool Curve.fi, but the transaction was rejected. However, another $100 million in assets were moved from the Binance Chain and deposited into liquidity pool Ellipsis Finance.

Though the exact way of breaching the protocol security is not yet known, several blockchain investigation companies have already initiated probes. According to Chinese blockchain security firm, BlockSec, the attack might have been triggered with the leak of private keys or through a bug during Poly’s signing process.

Another Chinese security firm, Slowmist, identified that the attackers used the privacy token Monero as their original funds, which obtained the information from its Chinese exchange partner, Hoo. Furthermore, the company claims that it has identified the attackers’ email address, IP information and device fingerprint.

The vulnerability of Blockchain infrastructure has been highlighted again as $611 million worth of Cryptocurrencies were siphoned from cross-chain protocol, Poly Network on Tuesday, making it one of the largest crypto heists to date.

Launched by the founder of the Chinese blockchain project Neo, Poly Network enables swapping of tokens on the Binance Smart Chain, Ethereum and Polygon blockchains. All three blockchains were targeted on Tuesdays’ attack.

Poly team has identified and published the three addresses where the attackers stored the stolen funds.

Blockchain scanning platform data of the three addresses shows that $273 million in Ether were stolen, along with $253 million in tokens from the Binance Smart Chain and $85 million in USDC on the Polygon network.

Actions After the Hack

The Poly team has already requested miners to block the transactions originating from the three addresses, and the community is following through. Tether has already blacklisted the USDT tokens on Ethereum that constitute roughly $33 million in the stolen proceeds.

“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses,” the Poly team tweeted.

Additionally, Binance CEO Changpeng Zhao assured coordination with Poly, but highlighted that no one controls the blockchains and ‘there are no guarantees'.

Around an hour after the attack, the hackers tried to move cryptos including USDT through the ETH address in liquidity pool Curve.fi, but the transaction was rejected. However, another $100 million in assets were moved from the Binance Chain and deposited into liquidity pool Ellipsis Finance.

Though the exact way of breaching the protocol security is not yet known, several blockchain investigation companies have already initiated probes. According to Chinese blockchain security firm, BlockSec, the attack might have been triggered with the leak of private keys or through a bug during Poly’s signing process.

Another Chinese security firm, Slowmist, identified that the attackers used the privacy token Monero as their original funds, which obtained the information from its Chinese exchange partner, Hoo. Furthermore, the company claims that it has identified the attackers’ email address, IP information and device fingerprint.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}