Hackers steal $600 million in biggest cryptocurrency attack

The biggest hacking-related theft in crypto history took place on Tuesday. Cross-chain decentralized finance (DeFi) platform Poly Network was attacked, and the alleged hacker stole $600 million in crypto.

The tokens were valued at about $600m, consisting of more than $270m on the Ethereum blockchain, $250m on the Binance Smart Chain and $84m on the Polygon network, according to wallet addresses published by Poly Network on Twitter.

The Poly team also identified three addresses to which the stolen assets were transferred.

Brief overview of Poly Network:

Poly Network is a platform that connects different blockchains so that they can work together. Poly Network has developed a computer protocol, or set of rules, that allows users to transfer tokens tied to one blockchain to a different network. It was launched by the founder of Chinese blockchain project Neo and operates on the Binance Smart Chain, Ethereum and Polygon blockchains. Poly Network was the second Chinese interoperability protocol to be featured on the government-backed Blockchain-based Service Network.

Basically, Poly Network is a decentralized finance platform. Such networks allow users to buy and sell digital assets directly with each other, bypassing intermediaries that impose fees, such as exchanges or clearing houses. This can make financial applications such as lending or borrowing more efficient and cheaper.

How did the attack happen?

The researchers have concluded that the theft was “likely to be a long-planned, organized and prepared attack.” Poly Network, which links some of the world’s most widely used digital ledgers, said on Tuesday that attackers had exploited a vulnerability in its system and taken thousands of crypto tokens. 

The alleged hacker exploited a vulnerability in Poly Network’s “contract calls”, a type of test that is not intended to be published on the blockchain, to access the ledgers and transfer money, the network said.

The vulnerability the hacker exploited is in the _executeCrossChainTx function, between contract calls. “The attacker use[d] this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract,” the company added, an attack that effectively allowed the intruder to declare themselves as the owner of any funds processed through the platform.
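The flaw described above is a confused-deputy problem, shown here as an added Python model that is not Poly Network's code. The class names echo the article; the set_keepers method, the LockProxy target, the allow-list fix and all values are assumptions made for illustration, including the premise that the data contract trusts the manager as its owner.

```python
# Added illustration (assumption): a toy model, not the real contracts.
class EthCrossChainData:
    """Holds the keeper set; only its owner may replace it."""
    def __init__(self, owner, keepers):
        self.owner = owner
        self.keepers = list(keepers)

    def set_keepers(self, caller, new_keepers):
        if caller is not self.owner:
            raise PermissionError("only owner may change keepers")
        self.keepers = list(new_keepers)

class LockProxy:
    """An ordinary destination contract that releases bridged tokens."""
    def __init__(self):
        self.unlocked = []

    def unlock(self, caller, payload):
        self.unlocked.append(payload)

class VulnerableManager:
    """Forwards a cross-chain message to whatever target and method it names."""
    def execute_cross_chain_tx(self, target, method, payload):
        getattr(target, method)(self, payload)  # target sees the manager as caller

class HardenedManager(VulnerableManager):
    """Same dispatcher, but only registered (target, method) pairs are callable."""
    def __init__(self):
        self.allowed = set()

    def execute_cross_chain_tx(self, target, method, payload):
        if (id(target), method) not in self.allowed:
            raise PermissionError("target/method not registered")
        super().execute_cross_chain_tx(target, method, payload)

def run(manager_cls):
    """Wire up the model and report the keepers and unlocks after two messages."""
    manager, proxy = manager_cls(), LockProxy()
    data = EthCrossChainData(owner=manager, keepers=["keeper-A"])  # constructed
    if isinstance(manager, HardenedManager):
        manager.allowed.add((id(proxy), "unlock"))
    manager.execute_cross_chain_tx(proxy, "unlock", "10 tokens")  # legitimate use
    try:
        manager.execute_cross_chain_tx(data, "set_keepers", ["keeper-X"])
    except PermissionError:
        pass
    return data.keepers, proxy.unlocked
```

With the vulnerable dispatcher the keeper list is replaced because the data contract only checks that its caller is the manager; with the allow-list the legitimate unlock still succeeds and the keeper list is untouched.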

Using repeated calls to the attacked contract, the hacker was able to exfiltrate funds from the Poly Network and then transfer them to wallets under their control, identified by Poly admins as follows:

According to another China-based blockchain security firm, Slowmist, the attackers’ original funds were in monero (XMR), a privacy-centric cryptocurrency, and were then exchanged for BNB, ETH, MATIC and a few other tokens.

The attackers then initiated the attacks on Ethereum, BSC and Polygon blockchains. The finding was supported by Slowmist’s partners, including China-based exchange Hoo.

Why do such attacks happen?

The Poly Network incident shows how nascent cross-chain protocols are particularly vulnerable to attacks. In July, cross-chain liquidity protocol Thorchain suffered two exploits in two weeks. Rari Capital, another cross-chain DeFi protocol, was hit by an attack in May, losing funds worth nearly $11 million in ETH.

Cross-chain in particular is a very vulnerable area, with the added complexity of connections with every other chain and all their idiosyncrasies.

DeFi has also become a key target for attacks.

Since the start of the year until July, DeFi-related hacks totaled $361 million — an increase of nearly three times from the whole of 2020, according to cryptocurrency compliance company CipherTrace.

DeFi-related fraud is also on the rise. In the first seven months of the year, it accounted for 54% of total crypto fraud volume versus 3% for all of last year. A decentralised financial network has claimed hackers absconded with about $600m worth of cryptocurrencies in one of the largest heists to target the growing digital asset industry.

Is there less regulatory oversight of cryptocurrency?

The alleged hack was a blow to supporters of decentralised finance, or DeFi, which has been one of the fastest expanding areas of the booming cryptocurrency market. It also highlighted the lack of consumer and investor protections in a market with only light oversight from financial regulators.

Impact of the attack:

The dollar value of the stolen coins dropped to $394m as news of the theft spread and investors sold cryptocurrencies, knocking the tokens’ prices.

Poly Network disclosed the attack on Twitter, asked to establish communication with the hackers, and urged them to “return the hacked assets.” Poly Network urged cryptocurrency exchanges to “blacklist tokens” coming from the addresses that were linked to the hackers.

About $33 million of Tether that was part of the theft has been frozen, according to the stablecoin’s issuer.

Poly Network called on groups known as “miners”, which process transactions, and centralised crypto exchanges to block transfers. “We will take legal actions and we urge the hackers to return the assets,” it said.

Paolo Ardoino, chief technical officer at stablecoin company Tether, said the group had frozen about $33m worth of its tokens, which were on the Poly Network. 

Gary Gensler, chair of the Securities and Exchange Commission, the US markets regulator, had called on lawmakers this month to give watchdogs more power to protect investors from illicit activity on DeFi platforms.

Posted by Srishti Singh
