How Hackers Stole And Returned $600 Mln In Tokens

Share post:

Hackers committed the biggest cryptocurrency heist on Tuesday, stealing more than $600 million in digital coins from the token-swapping platform Poly Network, only to return almost all of their assets less than 48 hours later, the company said.

Poly Network is a decentralized finance (DeFi) platform that conducts peer-to-peer transactions that allow users to transfer or exchange tokens across different blockchains.

Poly Network was founded by Chinese businessman Da Hongfei, who is currently head of blockchain platform Neo. It was launched in August 2020 as a collaboration between Neo, crypto-trading platform Switcheo and blockchain company Ontology.

One of the smart contracts that Poly Network uses to exchange tokens between blockchains has large amounts of liquidity to enable users to effectively exchange tokens, as crypto-messaging company CipherTrace puts it.

Poly Network said in a Tweet on Tuesday that a preliminary investigation found that the hackers exploited a security flaw in the smart contract.

After analyzing the transactions by Kelvin Fichter, an Ethereum programmer, the hackers were able to override the contract instructions for each of the three blockchains and redirect the money to three wallet addresses, digital locations for tokens. These were later tracked and published by Poly Network.

The hackers stole money in more than 12 different cryptocurrencies, including ether and a type of bitcoin.

A person claiming responsibility for the hack said they had detected a “bug,” without elaborating, and that they wanted to “expose the vulnerability” before others could exploit it.

Coindesk reported on Tuesday that the attackers first tried to transfer some assets from one of the three wallets to the liquidity pool Curve. fi, but this was rejected. About $100 million was transferred from another wallet and deposited into the liquidity pool of Ellipsis Finance.

On Wednesday, however, the attackers began transferring assets back to Poly Network in a wallet controlled by both parties, and by Thursday afternoon the attackers had returned almost all the assets, with only $33 million frozen from the Tether cryptocurrency platform.

It has not yet been possible to determine who or which group is responsible for the attack.

For more information, read the original story by Reuters.


Related articles

Amazon reviews losing trust as number of fake reviews are uncovered

Amazon's customer review system, once trusted for its verified buyer opinions, is increasingly under scrutiny as more and...

Apple Vision Pro U.S. sales plummet

Apple's Vision Pro headset, priced at $3,500, is experiencing a significant drop in U.S. sales. Market analysts report...

Security research team claims to have helped avert a major supply chain attack

JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious...

Phishing attacks on state and local governments surge by 360%

Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways