Hackers lift $610m in cryptocurrency from Poly Network
The company has pleaded with the hackers to return the stolen tokens
Blockchain platform Poly Network has fallen victim to what is likely to be the largest cryptocurrency heist in history, with hackers making away with over $610 million (£440 million) worth of Ether, Binance, and USDC tokens.
Hours later, the blockchain platform announced that it had “located the cause of the vulnerability” following a “preliminary investigation”.
“The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumoured,” the company stated.
Cyber security researchers from SlowMist, which focuses on blockchain ecosystem security, said that the hacker took advantage of the _executeCrossChainTx function in order “to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract”.
“It is not the case that this event occurred due to the leakage of the keeper’s private key,” the team stated.
How to reduce the risk of phishing and ransomware
Top security concerns and tips for mitigationFree download
Poly Network seemed to agree with SlowMist’s analysis by sharing the blog post with its Twitter followers. It also urged the hackers to “establish communication” to return the stolen $600 million worth of digital tokens in an open letter:
“The amount of money you have hacked is one of the biggest in defi [decentralised finance] history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. The money you stole are [sic] from tens of thousands of crypto community members, hence the people. You should talk to us to work out a solution,” the company said in the note.
By 1pm BST, it also confirmed that the hackers had so far returned $4.7 million (£3.4 million) worth of digital currency.
Poly Network also asked “miners of affected blockchain and crypto exchanges to blacklist tokens” associated with the following address: BSC:0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71.
Prior to Tuesday’ hack, the attack on cryptocurrency exchange and wallet Coincheck in 2018 was seen as the largest cryptocurrency heist to date. However, the amount stolen from Poly Network is around $80 million higher than the $532 million plundered from Coincheck.
Poly Network wasn’t immediately available for comment.
Modern governance: The how-to guide
Equipping organisations with the right tools for business resilienceFree Download
Cloud operational excellence
Everything you need to know about optimising your cloud operationsWatch now
A buyer’s guide to board management software
Improve your board’s performance
The real world business value of Oracle autonomous data warehouse
Lead with a 417% five-year ROIDownload now