The interoperability protocol for cross-chain transactions between blockchains Polynetwork was exploited overnight when a hacker stole $600 million worth of investor’s crypto as we are reading more in our latest altcoin news today.
PolyNetwork was exploited in the biggest hack in the short history of DeFi. The interoperability protocol enabling atomic cross-chain transactions between blockchains got exploited out of $600 million. PolyNetwork announced that they had been attacked and listed the addresses to which the hacker transferred their funds on ETH, BSC, and Polygon networks, calling upon miners of the affected exchanges to blacklist them. The BSC, ETH, and polygon addresses involved $252M, $266M, and $85M worth of crypto respectively.
These include WITH, WBTC, RenBTC, DAI, UNI, SHIB, and FEI which totals to over $600M worth of crypto having being stolen and making the largest Defi hack to date. In dollar value terms, the Defi hack is not even comparable to Mt.Gox and Bitfinex exchange hacks which resulted in $500M and $750M of stolen funds at the time of the hack. It was discovered that the hacker’s initial source of funds was Monero which was converted to ETH, BNB, and MATIC in the exchange. The CEO of crypto exchange OKEx, Jay Hao reassured the victims and said:
“@OKEx is already on the case. We’re watching the flow of coins, and will do our best to manage the situation. Our wallet team will get in touch if we need more information.”
Analysis shows that the nature of the hack was a traditional compromising of the users’ private keys that was made easier due to the Smart Contract design decisions by PolyNetwork. The involved smart contracts belonging to the company used a single keeper wallet allowing them to sign off a contract transferring all funds to the address after obtaining the private key which could have been through various methods but the network hasn’t verified the smart contracts using Etherscan.
The hacker however stated that he is ready to return the funds. The latest information shows that the hacker was able to sign off a contract transferring the funds to his addresses after obtaining the relevant private key. PolyNetwork provided more explanations indicating that the perpetrator exploited a vulnerability in the contract calls but already made the decision to return the funds. PolyNetwork however said:
“law enforcement in any country will regard this as a major economic crime, and you will be pursued.”
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post