WASHINGTON: Hackers on Tuesday pulled off the biggest cryptocurrency theft ever, stealing $613 million in digital coins from a token-swapping platform poly network, only to return $260 million worth of tokens after less than 24 hours, the company said. Here’s what we know about the robbery so far.
What is a poly network?
A lesser-known name in the crypto world, Poly Network is a decentralized finance (DeFi) platform that facilitates peer-to-peer transactions with a focus on allowing users to transfer or swap tokens across different blockchains. .
For example, a customer can use the Poly network to transfer tokens such as bitcoin. Ethereum Looking to access the blockchain to a specific application, perhaps for the Binance smart chain.
It was not immediately clear from the Poly Networks website where the platform is located or who runs it. According to specialist crypto website Coindesk, Poly Network was launched by the founders of the Chinese blockchain project Neo.
How did the hackers steal the tokens?
Poly Network Binance Smart Chain, Ethereum and . works on polygon Blockchain. Tokens are swapped between blockchains using a smart contract that contains instructions on when to issue assets to counterparties.
According to crypto intelligence firm CipherTrace, one of the smart contracts used by the Poly Network to move tokens between blockchains holds a large amount of liquidity so that users can efficiently swap tokens.
Poly Network tweeted on Tuesday that preliminary investigations found hackers exploited a vulnerability in this smart contract.
According to an analysis of the transaction tweeted by Ethereum programmer Calvin Feicher, the hackers overrode the contract instructions for each of the three blockchains and sent funds to three wallet addresses, the digital locations to store tokens. These were later discovered and published by Pauli Networks.
According to blockchain forensics company Chainalysis, the attackers stole funds in more than 12 different cryptocurrencies, including ether and a type of bitcoin.
According to digital messages posted to the Ethereum network published by Chainalysis, a person claiming to have hacked said they saw a “bug” without specifying, and they wanted to “exploit the vulnerability” before Others can take advantage of it. Reuters could not confirm the authenticity of the messages.
Where did the money go?
Poly Network said that as of late Wednesday, the hackers had returned $260 million in assets, but $353 million was owed. Where the rest of the property went is not clear.
Coindesk reported on Tuesday that hackers attempted to transfer assets, including Tether tokens, from one of three wallets to liquidity pool Curve.fi, but that transfer was rejected. About $100 million withdrawn from other wallets and deposited in liquidity pools Ellipsis Finance, Coindesk also reported.
curve.fi. And Ellipsis Finance could not immediately be reached for comment.
Who is the hacker?
The hacker or hackers are yet to be identified.
cryptocurrency security firm slow mist On its website it said it had identified the attacker’s mailbox, Internet Protocol address and the fingerprint of the device, but the company has not yet named anyone. Slomist said the robbery was “likely a long-planned, organized and prepared attack.”
According to messages published by some crypto experts, the hacker purportedly masquerades as the so-called “white hat”, an ethical hacker who aimed to identify a vulnerability for the Poly Network and was planning to “always” give the money back. are doubtful.
Chainalysis chief technology officer and former FBI veteran Gurvais Grieg said it was unlikely white hat hackers would steal such a huge amount. He said he probably returned some of the funds because converting them into cash had proved too difficult.
“It’s hard to know the motivation… let’s see if they refund the full amount,” he said.
What is a poly network?
A lesser-known name in the crypto world, Poly Network is a decentralized finance (DeFi) platform that facilitates peer-to-peer transactions with a focus on allowing users to transfer or swap tokens across different blockchains. .
For example, a customer can use the Poly network to transfer tokens such as bitcoin. Ethereum Looking to access the blockchain to a specific application, perhaps for the Binance smart chain.
It was not immediately clear from the Poly Networks website where the platform is located or who runs it. According to specialist crypto website Coindesk, Poly Network was launched by the founders of the Chinese blockchain project Neo.
How did the hackers steal the tokens?
Poly Network Binance Smart Chain, Ethereum and . works on polygon Blockchain. Tokens are swapped between blockchains using a smart contract that contains instructions on when to issue assets to counterparties.
According to crypto intelligence firm CipherTrace, one of the smart contracts used by the Poly Network to move tokens between blockchains holds a large amount of liquidity so that users can efficiently swap tokens.
Poly Network tweeted on Tuesday that preliminary investigations found hackers exploited a vulnerability in this smart contract.
According to an analysis of the transaction tweeted by Ethereum programmer Calvin Feicher, the hackers overrode the contract instructions for each of the three blockchains and sent funds to three wallet addresses, the digital locations to store tokens. These were later discovered and published by Pauli Networks.
According to blockchain forensics company Chainalysis, the attackers stole funds in more than 12 different cryptocurrencies, including ether and a type of bitcoin.
According to digital messages posted to the Ethereum network published by Chainalysis, a person claiming to have hacked said they saw a “bug” without specifying, and they wanted to “exploit the vulnerability” before Others can take advantage of it. Reuters could not confirm the authenticity of the messages.
Where did the money go?
Poly Network said that as of late Wednesday, the hackers had returned $260 million in assets, but $353 million was owed. Where the rest of the property went is not clear.
Coindesk reported on Tuesday that hackers attempted to transfer assets, including Tether tokens, from one of three wallets to liquidity pool Curve.fi, but that transfer was rejected. About $100 million withdrawn from other wallets and deposited in liquidity pools Ellipsis Finance, Coindesk also reported.
curve.fi. And Ellipsis Finance could not immediately be reached for comment.
Who is the hacker?
The hacker or hackers are yet to be identified.
cryptocurrency security firm slow mist On its website it said it had identified the attacker’s mailbox, Internet Protocol address and the fingerprint of the device, but the company has not yet named anyone. Slomist said the robbery was “likely a long-planned, organized and prepared attack.”
According to messages published by some crypto experts, the hacker purportedly masquerades as the so-called “white hat”, an ethical hacker who aimed to identify a vulnerability for the Poly Network and was planning to “always” give the money back. are doubtful.
Chainalysis chief technology officer and former FBI veteran Gurvais Grieg said it was unlikely white hat hackers would steal such a huge amount. He said he probably returned some of the funds because converting them into cash had proved too difficult.
“It’s hard to know the motivation… let’s see if they refund the full amount,” he said.
.