Hackers lift $610m in cryptocurrency from Poly Network

The company has pleaded with the hackers to return the stolen tokens

Physical manifestation of Ether cryptocurrency buried in gravel

Blockchain platform Poly Network has fallen victim to what is likely to be the largest cryptocurrency heist in history, with hackers making away with over $610 million (£440 million) worth of Ether, Binance, and USDC tokens.

The attack, which took place on Tuesday, saw cyber criminals exploit a vulnerability in Poly Network’s contract system, with the company confirming the news on its Twitter account.

Hours later, the blockchain platform announced that it had “located the cause of the vulnerability” following a “preliminary investigation”.

“The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumoured,” the company stated.

Cyber security researchers from SlowMist, which focuses on blockchain ecosystem security, said that the hacker took advantage of the _executeCrossChainTx function in order “to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract”.

SlowMist researchers denied that the attack might have been caused by a stolen password, in a blog post detailing the attack.

“It is not the case that this event occurred due to the leakage of the keeper’s private key,” the team stated.

Related Resource

How to reduce the risk of phishing and ransomware

Top security concerns and tips for mitigation

Large letter 'O' against a background of a city - whitepaper from MimecastDownload now

Poly Network seemed to agree with SlowMist’s analysis by sharing the blog post with its Twitter followers. It also urged the hackers to “establish communication” to return the stolen $600 million worth of digital tokens in an open letter:

“The amount of money you have hacked is one of the biggest in defi [decentralised finance] history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. The money you stole are [sic] from tens of thousands of crypto community members, hence the people. You should talk to us to work out a solution,” the company said in the note.

By 1pm BST, it also confirmed that the hackers had so far returned $4.7 million (£3.4 million) worth of digital currency.

Poly Network also asked “miners of affected blockchain and crypto exchanges to blacklist tokens” associated with the following address: BSC:0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71.

Prior to Tuesday’ hack, the attack on cryptocurrency exchange and wallet Coincheck in 2018 was seen as the largest cryptocurrency heist to date. However, the amount stolen from Poly Network is around $80 million higher than the $532 million plundered from Coincheck.

Poly Network wasn’t immediately available for comment.

Featured Resources

The ultimate guide to business connectivity in field services

A roadmap to increased workplace efficiency

Free download

The definitive guide to migrating to the cloud

Migrate apps to the public cloud with multi-cloud infrastructure solutions

Free download

Transform your network with advanced load balancing from VMware

How to modernise load balancing to enable digital transformation

Free download

How to secure workloads in hybrid clouds

Cloud workload protection

Free download

Recommended

Hackers spoof Zix in credential phishing attack
phishing

Hackers spoof Zix in credential phishing attack

28 Sep 2021
Women and BAME individuals are hardest hit by cyber crime
cyber crime

Women and BAME individuals are hardest hit by cyber crime

28 Sep 2021
Microsoft to scrap Basic Authentication in Exchange Online
Microsoft Windows

Microsoft to scrap Basic Authentication in Exchange Online

27 Sep 2021
What is a web filter?
cyber security

What is a web filter?

24 Sep 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021