Grand Theft DeFi

Digital Pirates Pulls Off Defi History’s Biggest Heist

The hackers have set a record within the decentralized finance space by stealing more than $600 million raising a lot of eyebrows. Since the event, it has been the talk of the town among the investors.

The Ethereum address, which has been reported to be involved in the hack, contained 2,858 ETH tokens with a value of $266.5 million.

The Binance Smart Chain address has more than 6,610 BNB tokens. The value in USD terms represents just a bit over $252 million.

The Polygon address shows $85 million. The total amount stolen exceeds $600 million.

On August 10th at around 1 pm UTC, the official Twitter handle of PolyNetwork announced that it had experienced a security breach.

“It Is The Opportunity That Makes The Thief”

It was soon discovered that the hacker’s initial source of funds was Monero (XMR), which he then converted to ETH, BNB, and MATIC in the exchange. The nature of the hack was using private keys, access to the keys was made easier due to the Smart Contract design adopted by PolyNetwork.

A smart contract belonging to PolyNetwork used a single keeper wallet, which allowed the hacker to sign a contract transferring all funds to his address.

Salient point - PolyNetwork had not verified their smart contracts using Etherscan.

“You May Be A Thief But There’s Far Better In You Than Bad”

PolyNetwork published the following message trying to establish a communication channel with the hacker and retrieve part of the DeFi tokens:

“When a thief kisses you, you count your teeth”

The hacker then sends a transaction from one of the wallets containing the stolen funds back to the same wallet. It included a message that reads:

“IT WOULD HAVE BEEN A BILLION HACK IF I HAD MOVED REMAINING SHITCOINS! DID I JUST SAVE THE PROJECT? NOT SO INTERESTED IN MONEY, NOW CONSIDERING RETURNING SOME TOKENS OR JUST LEAVING THEM HERE”

Generous Hacker Rewards Tipper While Being Chased

PolyNetwork advised its customers, including cryptocurrency exchanges like Binance and Coinbase as well as miners to block transactions from specific addresses to prevent the hacker from exchanging digital tokens into cryptocurrencies. 

In response to Polynetwork's request, Tether froze approximately $33 million. A random guy tipped the hacker regarding the freezing of USDT. Now, what do you expect from pirates who turned millionaires in a matter of a few minutes? Yeah, you are right, the guy was instantly rewarded with 13.37 ETH by the hackers. 

SlowMist, a blockchain security firm said in a tweet that their researchers had “grabbed the attacker’s inbox, IP and device fingerprints and are tracking possible identity clues relating to the PolyNetwork attacker. 

Reactions From Centralised Exchanges

Changpeng Zhao CEO of the cryptocurrency exchange Binance, wrote on Twitter:

Jay Hao, CEO of Malta-based cryptocurrency exchange OKEx tweeted:

Paolo Ardoino CTO of the Hong Kong-based cryptocurrency exchange Bitfinex tweeted:

CHECKMATE "The hacker is ready to surrender"

In a strange turn of events Wednesday, the hackers began returning some of the funds they stole. The move came less than a day since the attacker’s ID information was reportedly obtained by Slowmist. The hackers sent a message to PolyNetwork embedded in a cryptocurrency transaction saying “Ready to return”. The DeFi platform responded requesting the money be sent to three crypto addresses. Seven minutes before sending the first transaction returning some of the funds the hacker created a token called the “Hacker is ready to surrender”. At the time of writing this article, most of the stolen assets have been returned by the hackers.

The Dark Knight - A Twist In The Tale

The hackers have been leaving messages alongside the transactions. In one such message, the hacker said that they “just dumped all the assets,” and  “hacking for good, I did save the project”. Adding more spice to the events the online pirates are asking for donations for their generosity. They also conducted a Q&A explaining the motivations for the attack. The online pirates said they took the funds “to keep it safe” after spotting a bug in the smart contract. The hackers ended the story by saying “I prefer to stay in the dark and save the world”.   

DeFi - Hacker’s Honey Pot

About $80 billion is locked in DeFi applications, making them an attractive target. This year, DeFi-related hacks made up more than 60% of the total hack and theft volume of crypto attacks, rising from 20% in 2020, according to crypto security company CipherTrace. At $156 million, the amount netted from DeFi-related hacks in the first five months of 2021 already surpasses the $129 million DeFi-related hacks throughout all of 2020, CipherTrace said.

Key Takeaways

During this unfortunate event in the Defi, We could see Twitter on fire within minutes after the first report. People following various block explorers started capturing every movement of the hackers moving the funds. Weird messages embedded into the transactions were just entertainment at its core. People from different parts of the globe reported and shared lessons within a matter of hours. Immaculate transparency could be noticed during this course of events which might almost be impossible to achieve in the real world situation.

"I think this demonstrates that even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics.”

Tom Robinson, Chief scientist of blockchain analytics firm Elliptical sent via email.