Hacker Shares Reason for $600 mln Poly Network Theft, Returns $342 mln
The alleged hacker who exploited Poly Network has indicated in a Q&A published on the Ethereum network the motive behind the cross chain breach in which digital assets worth about $600 mln was stolen.
The heterogeneous interoperability protocol alliance, which has enabled cross-chain asset transfer of more than US$7 bln involving more than 150,000 addresses on different blockchains since its launch, was hacked on Aug 10 in what has been described as one of the largest heist in the industry.
According to John Wang of Ecosystem Growth at Poly Network, some of the chains that the DeFi platform has already integrated include Bitcoin, Ethereum, Neo, Ontology, Heco, BSC, OKExChain, Elrond, Zilliqa, and Cosmos-SDK.
The attacker modified the keeper of the EthCrossChainData contract function to carry out the hack, a SlowMist security team analysis shows.
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker's following addresses:
— Poly Network (@PolyNetwork2) August 10, 2021
Why Poly Network hack?
It was for fun, the hacker notes. “Cross chain hacking is hot,” s/he states in one of the broadcasts even as it is being reported that the hacker has started returning some of the stolen money.
Initially, the three addresses involved in the attack – Ethereum, BSC, and Polygon – show volumes of $266.5 mln, $252 mln, and $85 mln worth of crypto assets, respectively. However, according to Poly Network, $342 million of assets had been returned (as of 12 Aug), a move that’s somewhat in line with the hacker’s initial claim that the heist wasn’t meant to be about making money from the stolen assets. The assets that have been returned thus far are from the Ethereum ($4.6 mln), BSC ($252 mln) and Polygon ($85 mln) chains while what remains is $268 mln worth of assets. The team says it’s communicating with the hacker to recover what’s left.
On why s/he’s been selling or swapping the stablecoins, the hacker said s/he was pissed at the Poly Network team for their initial response. S/he says in one of the broadcasts:
“They urged others to blame & hate me before I had any chance to reply! Of course I knew there are fake defi coins, but I didn’t take it seriously since I had no plan (of) laundering them. In the meanwhile, depositing the stables could earn some interest to cover potential costs so that I have more time to negotiate with the Poly team.”
The hacker has since received some offers on his/her BSC wallet address asking to help launder the stolen assets.
From Huobi to OKEx, Binance and O3, several other projects expressed support for Poly Network’s effort to manage the situation.
Poly Network was launched in August 2020 with Neo, Ontology, and Switcheo as its founding members. It was founded by Da Hongfei, also the founder of Neo, who believes that interoperability is the future of the blockchain industry. He said at launch: “With Poly Network, we are linking disparate and heterogenous platforms to build a global cross-chain platform with the aim of realizing blockchain’s potential while overcoming its challenges — together.”