Poly Network Got Robbed of More Than USD 600M

Interoperability protocol Poly Network has confirmed that it has suffered a major exploit – losing at least USD 600.3m of its funds.

The protocol announced that it got attacked on Binance Smart Chain (BSC), Ethereum (ETH), and Polygon (MATIC).

“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the [provided] addresses,” said Poly Network, providing three addresses to which it says the assets have been transfered.

“We will take legal actions and we urge the hackers to return the assets,” it then added.

No additional information has been provided by the team behind the protocol as of yet.

What can be seen from the addresses is that:

That is the total of USD 601m – which some say just may be the largest attack the space has ever seen.

Tether has reacted already and frozen c. USD 33m of USDT.

In a message embedded in an ETH transaction, the alleged hacker said:

“IT WOULD HAVE BEEN A BILLION HACK IF I HAD MOVED REMAINING SHITCOINS! DID I JUST SAVE THE PROJECT?
NOT SO INTERESTED IN MONEY, NOW CONSIDERING RETURNING SOME TOKENS OR JUST LEAVING THEM HERE”

Binance CEO Changpeng Zhao tweeted that “no one controls BSC (or ETH)” but that the Binance team is “coordinating with all our security partners to proactively help, adding: “There are no guarantees. We will do as much as we can.” Others, however, ask if it is not possible to control the stablecoin BUSD nonetheless.

The blockchain security specialist Xiamen SlowMist Technology wrote in a social media post on the Weibo platform that
it had identified the hacker’s email details, their IP address, and their “device fingerprints.”

SlowMist claimed that it had analyzed data from its Hoo crypto exchange affiliate, as well as other exchanges, and discovered that the hacker had made use of monero (XMR), later moving to trade these for binance coin (BNB), ETH and MATIC.

The company added that the hacker had moved to withdraw the coins to three separate wallet addresses before following up swiftly with a three-chain attack.

And SlowMist concluded that the attack bore all the hallmarks of a carefully “planned, organized and well-prepared” operation.

The firm, which is based in Xiamen, claims to have been “founded by a team with over 10 years of front-line cybersecurity defensive experience,” and that its security team was still investigating more “vulnerability”-related issues and technical details uncovered in the wake of the attack.

Victims and speculations

The hack has impacted at least one connected project that we know of for now.

Cross-chain aggregation protocol O3 Swap cross-chain function has been suspended due to the hack, tweeted O3Labs. “We are in contact with the team. Please be patient to back to full functionality,” they said, adding that the non-cross-chain function is available and can be used normally.

Per their documentation, O3 Hub is composed of a cross-chain asset pool such as stablecoin pool and cross-chain protocol based on Poly Network.

Both projects were initiated by blockchain project Neo (NEO).

According to journalist Colin Wu, there may be money laundering involved, as the Ethereum address tried to deposit funds into exchange liquidity pool Curve.fi. “The first few transaction attempts may be rejected by the mining pool and failed, but the subsequent transaction was successfully deposited and co-deposited approximately 673,227 DAI and 96,389,444 USDC, with 95,269,795 3Crv LP [liquidity provider] shares.”

Meanwhile, an interesting dynamics seems to have developed, as there are suggestions that the attacker may be receiving some help along the way in return for hefty tips.

_____

Other reactions: