A major hack of a decentralised finance (DeFi) platform has reportedly resulted in more than $600m in cryptocurrency being stolen.
Poly Network is a cross-chain platform that operates on the Binance Smart Chain, Ethereum and Polygon blockchains – the ledgers where various cryptocurrencies are based.
While it is extremely difficult to tamper with or hack into blockchains, the hackers in this case exploited a vulnerability in the Poly Network system.
The platform disclosed the hack in a post on Twitter, saying that it was attacked on all three blockchains, and identified three addresses to which assets had been transferred.
We are aware of the https://t.co/IgGJ0598Q0 exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can. Stay #SAFU. 🙏 https://t.co/TG0dKPapQT
— CZ 🔶 Binance (@cz_binance) August 10, 2021
“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses,” the company said.
“After preliminary investigation, we located the cause of the vulnerability. The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumoured.”
Poly Network also tweeted an open letter to the attacker requesting the return of the assets. “The amount of money you hacked is the biggest in DeFi history,” it said.
While it is not yet clear whether the person responsible is a white hat hacker or a cybercriminal, Poly Network’s letter suggests it’s appealing to what University College Dublin’s Dr Nima Afraz has called a Robin Hood status that hackers often enjoy.
“The collective of dark web hackers has long enjoyed the Robin Hood status due to targeting big corporations and donating to charities or leaking classified data on the government and public figure corruption,” he said.
Cryptocurrency heists and cyberattacks
While widely reported as one of the largest cryptocurrency heists, the Poly Network attack is the latest in a string of fraud and theft incidents in the DeFi industry.
A report from crypto intelligence company CipherTrace said losses from the DeFi sector hit an all-time high in the first seven months of the year, with a record of $361m in criminal losses from January to July.
Even though security is often seen as one of the major benefits of blockchain, cybercriminals and attacks are becoming more sophisticated all the time.
In 2019, cryptocurrency exchange Coinbase suspended trading on Ethereum Classic after attackers stole almost $500,000 worth of cryptocurrency.
As well as attacks on individual platforms, the DeFi sector faces its own challenges, as the independently developed cryptocurrency systems can sometimes struggle to interact with each other.
This and other cryptocurrency heists also bring into question the security viability of the currency, something that Brian Higgins, security specialist at Comparitech, commented on.
He said: “It’s an unfortunate hazard of dealing in unregulated financial platforms that regardless of your status, whether you are among the minority of legitimate users or exploiting their pseudo-anonymity to conduct criminal activities, they are vulnerable to attack and there is very little anyone can do once that happens.
“It’s interesting to note that whilst all of the affected platforms state that they are doing as much as they can to help, there are no specifics here and it is highly unlikely that any of the victims will ever be reimbursed.
“Non-regulated, non-Fiat currencies are highly unstable and e-money laundering is far easier than the real thing these days. Cryptocurrency is a risky business and it will probably stay that way.”