Digital Pirates Pull Off DeFi History’s Biggest Heist
Hackers have set a record in the decentralized finance (DeFi) space by stealing more than $600 million, raising a lot of eyebrows. Since the event, it has been the talk of the town among investors.
The Ethereum address, which has been reported to be involved in the hack, contained 2,858 ETH tokens with a value of $266.5 million.
The Binance Smart Chain address has more than 6,610 BNB tokens. The value in USD terms represents just a bit over $252 million.
The Polygon address shows $85 million. The total amount stolen exceeds $600 million.
On August 10th at around 1 pm UTC, the official Twitter handle of PolyNetwork announced that it had experienced a security breach.
Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon
Assets had been transferred to hacker's following addresses:
— Poly Network (@PolyNetwork2) August 10, 2021
“It Is The Opportunity That Makes The Thief”
It was soon discovered that the hacker’s initial source of funds was Monero (XMR), which he then converted to ETH, BNB, and MATIC on an exchange. The hack relied on private keys; access to the keys was made easier by the smart contract design adopted by PolyNetwork.
A smart contract belonging to PolyNetwork used a single keeper wallet, which allowed the hacker to sign a contract transferring all funds to his address.
Salient point: PolyNetwork had not verified its smart contracts on Etherscan.
“You May Be A Thief But There’s Far Better In You Than Bad”
PolyNetwork published the following message trying to establish a communication channel with the hacker and retrieve part of the DeFi tokens:
“When a thief kisses you, you count your teeth”
The hacker then sent a transaction from one of the wallets containing the stolen funds back to the same wallet. It included a message that reads:
“IT WOULD HAVE BEEN A BILLION HACK IF I HAD MOVED REMAINING SHITCOINS! DID I JUST SAVE THE PROJECT? NOT SO INTERESTED IN MONEY, NOW CONSIDERING RETURNING SOME TOKENS OR JUST LEAVING THEM HERE”
Generous Hacker Rewards Tipper While Being Chased
PolyNetwork advised its customers, including cryptocurrency exchanges like Binance and Coinbase as well as miners, to block transactions from specific addresses to prevent the hacker from exchanging digital tokens into cryptocurrencies.
In response to PolyNetwork's request, Tether froze approximately $33 million. A random guy tipped off the hacker about the freezing of USDT. Now, what do you expect from pirates who turned millionaires in a matter of a few minutes? Yeah, you are right, the guy was instantly rewarded with 13.37 ETH by the hackers.
SlowMist, a blockchain security firm, said in a tweet that their researchers had “grabbed the attacker’s inbox, IP and device fingerprints and are tracking possible identity clues relating to the PolyNetwork attacker.”
1) The cross-chain interoperability protocol @PolyNetwork2 was attacked, and a total of more than 610 million US dollars were transferred to 3 addresses. The impact caused the transfer of large assets of the O3 Swap cross-chain pool.
— SlowMist (@SlowMist_Team) August 10, 2021
Reactions From Centralised Exchanges
Changpeng Zhao, CEO of the cryptocurrency exchange Binance, wrote on Twitter:
We are aware of the https://t.co/IgGJ0598Q0 exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can. Stay #SAFU. 🙏 https://t.co/TG0dKPapQT
— CZ 🔶 Binance (@cz_binance) August 10, 2021
Jay Hao, CEO of Malta-based cryptocurrency exchange OKEx, tweeted:
.@OKEx is already on the case. We're watching the flow of coins, and will do our best to manage the situation.
Our wallet team will get in touch if we need more information. https://t.co/crD296bNdQ
— Jay_OKEX_CEO (@JayHao8) August 10, 2021
Paolo Ardoino, CTO of the Hong Kong-based cryptocurrency exchange Bitfinex, tweeted:
. @Tether_to just froze ~33M $USDt on 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 as part of the #PolyNetwork hack https://t.co/EviPTAkQJD
— Paolo Ardoino (@paoloardoino) August 10, 2021
CHECKMATE "The hacker is ready to surrender"
In a strange turn of events on Wednesday, the hackers began returning some of the funds they stole. The move came less than a day after the attacker’s ID information was reportedly obtained by SlowMist. The hackers sent a message to PolyNetwork embedded in a cryptocurrency transaction saying “Ready to return”. The DeFi platform responded, requesting that the money be sent to three crypto addresses. Seven minutes before sending the first transaction returning some of the funds, the hacker created a token called “The hacker is ready to surrender”. At the time of writing this article, most of the stolen assets have been returned by the hackers.
The Dark Knight - A Twist In The Tale
The hackers have been leaving messages alongside the transactions. In one such message, the hacker said that they “just dumped all the assets,” and “hacking for good, I did save the project”. Adding more spice to the events, the online pirates are asking for donations for their generosity. They also conducted a Q&A explaining the motivations for the attack. The online pirates said they took the funds “to keep it safe” after spotting a bug in the smart contract. The hackers ended the story by saying “I prefer to stay in the dark and save the world”.
DeFi - Hacker’s Honey Pot
About $80 billion is locked in DeFi applications, making them an attractive target. This year, DeFi-related hacks made up more than 60% of the total hack and theft volume of crypto attacks, rising from 20% in 2020, according to crypto security company CipherTrace. At $156 million, the amount netted from DeFi-related hacks in the first five months of 2021 already surpasses the $129 million from DeFi-related hacks throughout all of 2020, CipherTrace said.
During this unfortunate event in DeFi, we could see Twitter on fire within minutes of the first report. People following various block explorers started capturing every movement of the hackers moving the funds. Weird messages embedded into the transactions were just entertainment at its core. People from different parts of the globe reported and shared lessons within a matter of hours. Immaculate transparency could be noticed during this course of events, which might be almost impossible to achieve in a real-world situation.
Looks like the story had a somewhat happy ending.
It appears that funds are safu 🥳
Read The extensive article coming out this Sunday on the Gazette 🗞️ https://t.co/lDalikzdpW
— Redlion.news (@redlion_news) August 12, 2021
“I think this demonstrates that even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics.”
Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said via email.