The Poly Network: what happened with the hacking and how it ended
Poly Network is a decentralized finance (the so-called DeFi) platform that makes easy peer-to-peer transactions, facilitating the transfer or swap tokens across different blockchains. As stated by the developers, the network is built to implement interoperability between multiple chains in order to build the next-generation internet infrastructure. Poly Network claims to be able to make these various blockchains work with each other.
On August 10, a hacker found a breach in the digital contracts and managed to move through the network’s assets. Thus the hacker, defined as “white hat”, managed to steal over 600 million dollars in cryptocurrency. The hacker is called “Mr White Hat”, so we can call him a good hacker, with no bad intentions. The way the story went on and how Poly Network responded to the attack is truly amazing.
— Poly Network (@PolyNetwork2) August 10, 2021
It’s the biggest money heist in the history of decentralized finance. This attack has surpassed the $534.8 million in digital coins stolen from Coincheck in 2018. In a press release, Polynetwork immediately tried to communicate with the attacker. Since it is a real theft, the crime is serious and punishable by law, so the victims of the attack ask to communicate to find a solution together. Once the hacker started stealing the money, he transferred the assets to different addresses, this through a long and planned organization. Meanwhile, PolyNetwork is working on trying to trace the identity of the hacker or hackers.
Hope you will transfer assets to addresses below:
Polygon: 0xA4b291Ed1220310d3120f515B5B7AccaecD66F17 pic.twitter.com/mKlBQU4a1B
— Poly Network (@PolyNetwork2) August 11, 2021
In a tweet poly network published the data to resist the assets and, in a strange succession of events, the next morning the hackers decided to return a small portion of the stolen money.
- 7 a.m: more than $4.8 million had been returned to the Poly Network.
- 11 a.m. ET, about $258 million had been sent back.
Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said via email:
“I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,”
“In this case the hacker concluded that the safest option was just to return the stolen assets.”
This incident does not just concern all the #PolyNetwork users, community participants, and partners, but also greatly affects the confidence of society at large in the crypto industry.
— Poly Network (@PolyNetwork2) August 13, 2021
As stated by Poly Network, this attack has to do with the entire blockchain industry. For as long as DeFi has existed, there have always been attempts to attack and fraud has occurred. Millions of funds have already been robbed on other occasions. Securing is now a priority, and as a result of this attack, many have offered to help PolyNetwork and increase DeFi’s defenses.
However, with the cooperation of Mr. White Hat and the support of all other parties, the entire incident has now arrived at a provisional result, but we still have a long way ahead of us before we can finally return the control of the assets back to users.
— Poly Network (@PolyNetwork2) August 13, 2021
Indeed, the victims of this attack were able to have the help of several personalities and companies experts in the blockchain and, incredibly, Mr. White Hat wanted to collaborate with the PolyNetwork. On Thursday, more than $ 342 million of assets were returned. The haul is about to be returned in full, but $ 268 million remains in an account that requires both PolyNetwork and the hacker passwords to gain access.
It’s likely that keys held by both Poly Network and the hacker would be required to move the funds — so the hacker could still make these funds inaccessible if they chose to,
Tom Robinson, chief scientist of blockchain analytics firm Elliptic.
In a message embedded in a digital currency transaction, the suspected hacker said they would “provide the final key when _everyone_ is ready.”
#PolyNetwork system is soon about to be relaunched as the team gets things in order to proceed as per the #roadmap . In addition to the previous 500k proposal for #MrWhiteHat, #PolyNetwork officially announces a separate 500k #bounty program open for top #security agencies https://t.co/esvKZsd1IP
— Poly Network (@PolyNetwork2) August 16, 2021
In a message, the hackers claimed that Poly Network offered them $ 500,000 to return all the stolen money. The attackers turned down the offer, even though PolyNetwork said it would guarantee their immunity and would not hold them responsible for the theft. Subsequently, Poly Network activated a reward for all the best DeFi security agencies, providing them with a share of $ 500,000 to better protect assets and improve their security.
Latest updates here:#mrwhitehat has returned assets worth approximately $427 million. #PolyNetwork donated 160 ETH #bugbounty to the address owned by #mrwhitehat.#PolyBridge has restored cross-chain functionality for at least 31 assets.https://t.co/RVKoHw36Zz
— Poly Network (@PolyNetwork2) August 19, 2021
In the third phase, the hacker is about to restore all the money, now over $ 400 million, and Poly Network has added a new $ 100,000 reward for anyone who finds a reward. Following the last updates, Mr. White Hat has returned assets that worth $427 million and they have restored the cross-chain functionality for 31 assets. PolyNetwork is still donating money for the bug bounty. This case demonstrates how stricter security systems occur in DeFi and blockchain, how people need to join systems together and how complicated it is for hackers to return stolen assets since the computer code on which the networks rely has no legal status.