The targeted company Poly Network claims that hackers exploited a vulnerability between contract calls where a contract can change/modify the keeper of a contract and execute transactions.
One of the industry’s leading decentralized finance platforms (DeFi) Poly Network has become a victim of a cyberheist in which hackers managed to steal $611 million worth of cryptocurrencies.
The blockchain-based DeFi network has suffered one of the largest thefts of digital assets, leaving behind those suffered by Coincheck ($534 Million in 2018) and Mt. Gox ($450 million in 2014).
Poly Network is a Chinese cross-chain DeFi platform that offers token swapping across multiple blockchains, including Bitcoin and Ethereum.
Stolen assets transferred to 3 wallets
According to Poly Network, assets from Binance Chain, Polygon, and Ethereum were stolen and transferred to three different wallets.
Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71— Poly Network (@PolyNetwork2) August 10, 2021
Hackers exploited contract calls’ vulnerability
According to the details shared by Poly Network, hackers exploited a vulnerability between contract calls where a contract can change/modify the keeper of a contract and execute transactions.
The company tweeted on Tuesday that unidentified threat actors exploited a vulnerability to plunder thousands of digital coins. Furthermore, Poly Network has urged miners of affected blockchain and crypto exchanges like Binance, OKEx, HuobiGlobal, Uniswap, Circle Pay, Tether, and BitGo to immediately blacklist any tokens that come from the attackers’ addresses.
After preliminary investigation, we located the cause of the vulnerability. The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumored.
— Poly Network (@PolyNetwork2) August 10, 2021
Poly Network Issues Open Letter
In an open letter published by Poly Network, the protocol maintainers have requested the thieves to communicate with them and return the stolen assets.
“The amount of money you have hacked is one of the biggest in DeFi history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. […] The money you stole are from tens of thousands of crypto community members, hence the people,” the open letter read.
Poly Network didn’t share any other details of the incident, nor did it clarify whether any law enforcement agency was investigating the hack or not.
However, the company has tweeted that it plans to take legal action against hackers. The open letter seems to be gaining traction as nearly $2 million in stolen assets were returned by Wednesday morning.
Update:
Apparently, hackers have started returning some of the stolen funds. According to screenshots shared by the company “So far, we have received a total value of $4,772,297.675 assets returned by the hacker.”
So far, we have received a total value of $4,772,297.675 assets returned by the hacker.
ETH address: $2,654,946.051
BSC address: $1,107,870.815
Polygon address: $1,009,480.809 pic.twitter.com/bPFAQk4mvS— Poly Network (@PolyNetwork2) August 11, 2021
