Author

Topic: Largest DeFi Hack: $611 Million Stolen from Poly Network (Read 292 times)

copper member
Activity: 2380
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
https://mobile.twitter.com/polynetwork2

The remaining amount of hack has been transferred back to poly network except $33millions USDT which got "frozen" when the hack happened.
@OP you can close this thread as we can assume the problem has been solved already
The hackers do not want to provide the private key and also asking for 500000$ as bounty pool for delivering the funds back to the protocol. So, now the drama is on higher level and the fund would not be available if it can be withdrawn as well as if it could be sold.
legendary
Activity: 2366
Merit: 1130
https://mobile.twitter.com/polynetwork2

The remaining amount of hack has been transferred back to poly network except $33millions USDT which got "frozen" when the hack happened.
@OP you can close this thread as we can assume the problem has been solved already
sr. member
Activity: 1680
Merit: 379
Top Crypto Casino
It would have been incredibly difficult to get away with stealing half a billion dollars. Ethereum and BSC are fully transparent blockchains and there is not enough liquidity in mixers like Tornado Cash to obfuscate such a large amount. If they hadn't been so greedy and only stole enough money to live off of for a couple of years then there would not have been such an effort to track them down. They have now returned most of the funds in order to try and avoid legal consequences.
full member
Activity: 868
Merit: 150
★Bitvest.io★ Play Plinko or Invest!
Too bad for the hacker, but good for the industry. This is a good event, after all.

All those years people had the fear of bitcoin and other crypto are being vulnerable and if they are gone then there are no chance to get them back, but this event is going to change that perception.
Yeah, it's a first time for me too, to see a hacker to bring back the money that they've stolen. Although this is nothing new though, where the attacker surrendered what they're initial goal was, I mean there's the hack of the Half-Life 2 or the Counter Strike of Valve back then, the hacker surrendered thinking that Gabe Newell is going to recruit him into the team for his stunt and then there's also Chris Putnam who made Facebook look like MySpace.
full member
Activity: 1442
Merit: 153
★Bitvest.io★ Play Plinko or Invest!
snip

Because there's no way he cash out that money since most of the exchange listed the token that he hack was already notified and already Mark or blacklisted his address. Returning the fund while having an extra payment for returning it as reward is the most efficient way for him to get money and at the same time to avoid jail time. Its not laughable because he will still gonna be rich after this since he find a major flaw on poly network code.
That's probably the reason but dude, these hacker is dumb, there are a lot of ways that he/she can cash it out or sell it out without having to worry about being tracked, there's treasure men out there that you can hire to hide the money and give you the map that they put the money, it's risky but it works. I don't know if Poly Network is going to recruit the hacker to the team though.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
Too bad for the hacker, but good for the industry. This is a good event, after all.

All those years people had the fear of bitcoin and other crypto are being vulnerable and if they are gone then there are no chance to get them back, but this event is going to change that perception.
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
In short hacker was dumb to use traceable wallet linked to hoo exchange where he has KYC.

The power of blockchain prevails again.

It's funny that hackers made such a mistake! They have done such a big illegal thing but have forgotten to hide themselves which is why they are not able to keep the funds with them even after such a big successful hack. If they had not been under pressure for any reason, they would not have returned the funds. This is certainly good news for the crypto community, that hacker identities can be easily traced and action can be taken against them.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
In short hacker was dumb to use traceable wallet linked to hoo exchange where he has KYC.

The power of blockchain prevails again.
This hacker isn't that naive to make such a stupid mistake! SlowMist, the blockchain security firm which claims to have succeeded to identify the hacker, thinks it's a long-planned attack, so, it's not like the attackers where in a rush and forgot to hide their traces.
If he/they were afraid of being prosecuted then they would have send the whole stolen amount not just a part of it.

I think there is more to the story as the attacker stared questioning the reliability of the polygon network system and the trustworthiness of its team in his embedded messages.
legendary
Activity: 2702
Merit: 4002
The only benefit of this hack is that we have to make the technical aspects first instead of the low fees, many wallets have started adding Poly Network but I think most developers and people haven't read a single line of code.

Let's see how this case will end, and whether the reason for hack will be accurately revealed, with all errors being professionally corrected, or will the case end with the return of the money and the freezing of the rest of the currencies.

Note also that freezing stablecoins is an indication that currencies like USDT/USDC/BNB/BSC are not decentralized.
hero member
Activity: 2926
Merit: 567
there's an update about the hack. according to the article below the hackers have decided to return the money. looks like the hackers had no choice but to return the funds since they have been Identified. I guess they think that cooperating and returning the funds would reduce whatever sentence they would get.

https://finance.yahoo.com/news/cryptocurrency-poly-network-hackers-return-funds-defi-ethereum-110935552.html

They are identified and they cannot escape persecution
Quote
"Law enforcement in any country will regard this as a major crime. and you will be pursued," the company said in its letter
. they are good at hacking but they seem to be naive on how to escape like bad criminals, this is bad news to future criminals but can they really get these criminals if they want to get away, I've seen movies where criminals are good at changing their identity.
copper member
Activity: 2380
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
there's an update about the hack. according to the article below the hackers have decided to return the money. looks like the hackers had no choice but to return the funds since they have been Identified. I guess they think that cooperating and returning the funds would reduce whatever sentence they would get.

https://finance.yahoo.com/news/cryptocurrency-poly-network-hackers-return-funds-defi-ethereum-110935552.html
It can be something different too. They can return without any reason just to check the vulnerable of it. This time they might be identified but what happened at the time of hacking etc. On the hackers of etc also returned their funds which they had hacked.
legendary
Activity: 1974
Merit: 2124
there's an update about the hack. according to the article below the hackers have decided to return the money. looks like the hackers had no choice but to return the funds since they have been Identified. I guess they think that cooperating and returning the funds would reduce whatever sentence they would get.

https://finance.yahoo.com/news/cryptocurrency-poly-network-hackers-return-funds-defi-ethereum-110935552.html
They have not returned full amount of stolen tokens to the poly network as they have returned only $280 Million and still $353 million is outstanding.You can find same details here from the image below:



This has nothing to do with bitcoin hack as the defi platform provides P2P token swaps across different blockchains.This hack was due to vulnerability in the project and they exploits it and make such scam at mass level in DeFi world which is why we need to do proper research before jumping into any new project in the market and team must do proper tests before launch as different leaks can be major reason for fund loss on security breaches.

Quote
A person claiming to have perpetrated the hack said they did it "for fun" and wanted to "expose the vulnerability.It was "always the plan" to return the tokens, the purported hacker wrote, adding: "I am not very interested in money."
member
Activity: 1103
Merit: 76
there's an update about the hack. according to the article below the hackers have decided to return the money. looks like the hackers had no choice but to return the funds since they have been Identified. I guess they think that cooperating and returning the funds would reduce whatever sentence they would get.

https://finance.yahoo.com/news/cryptocurrency-poly-network-hackers-return-funds-defi-ethereum-110935552.html

Why they returned the funds must have been a surprising thing. From what you have said, their identities may have been identified which puts them at a risk. Again, if they went to sell those tokens in the exchanges, their funds were likely to block by that exchange. Because the amount of this hack is not a small amount. So there was a lot of discussion about this hack and various steps were taken. As a result, the hackers may have panicked and returned the funds.

In short hacker was dumb to use traceable wallet linked to hoo exchange where he has KYC.

The power of blockchain prevails again.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
Disclaimer: tinfoil hat applied!
What if they tried to do the "hack" themselves but when the enthusiasm evaporated and they saw the whole world is starting to take an interest they chickened out and abandoned it?
After all, it's the crypto world we're talking about, it woudn't surprise me one bit.

This tinfoil theory was brought up in WO... I find it unlikely to be an inside job. Technically those shitcoiners don't have the keys. And the code is public, for better or worse. In this case I think it's even open source so no disassembly required. To implement a backdoor in it would be very difficult and risky. But a dedicated nerd finding a flaw and making use of it (calling it a hack or an exploit is a bit of a stretch) would be quite plausible.

At any rate, it's not like this happened on some "code is law" "be your own bank" chain. Vitalik Rollback Buterin will surely help them out, no?
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
Btc scam is real

Zero bitcoins stolen!
The hack happened on a platform that has nothing to do with bitcoin.
It wasn't a scam it was a hack due to poor programming and a rush to launch a project to grab money.

Because there's no way he cash out that money since most of the exchange listed the token that he hack was already notified and already Mark or blacklisted his address.

That sounds so good when we're' talking about a decentralized finance solution with a permissionless blockchain.

So I take it from the article (and I hate Yahoo Finance, btw) that the identity of the hacker(s) hasn't been released?  I'd be very curious to know who was behind this, and hopefully there's some follow up.  In particular I'd like to know if this is some individual hacker just trying to score points in the hacking community--which he would no doubt do if that's the case--or if it was an organized group with more sinister origins. 

Disclaimer: tinfoil hat applied!
What if they tried to do the "hack" themselves but when the enthusiasm evaporated and they saw the whole world is starting to take an interest they chickened out and abandoned it?
After all, it's the crypto world we're talking about, it woudn't surprise me one bit.
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
there's an update about the hack. according to the article below the hackers have decided to return the money. looks like the hackers had no choice but to return the funds since they have been Identified. I guess they think that cooperating and returning the funds would reduce whatever sentence they would get.

https://finance.yahoo.com/news/cryptocurrency-poly-network-hackers-return-funds-defi-ethereum-110935552.html

Why they returned the funds must have been a surprising thing. From what you have said, their identities may have been identified which puts them at a risk. Again, if they went to sell those tokens in the exchanges, their funds were likely to block by that exchange. Because the amount of this hack is not a small amount. So there was a lot of discussion about this hack and various steps were taken. As a result, the hackers may have panicked and returned the funds.
legendary
Activity: 3500
Merit: 6981
Top Crypto Casino
How come you share an article while you even didn't read your article.
It's a merit-grab attempt; that's what I immediately thought without even realizing OP's goofs.

So I take it from the article (and I hate Yahoo Finance, btw) that the identity of the hacker(s) hasn't been released?  I'd be very curious to know who was behind this, and hopefully there's some follow up.  In particular I'd like to know if this is some individual hacker just trying to score points in the hacking community--which he would no doubt do if that's the case--or if it was an organized group with more sinister origins. 

I'm also kind of surprised that any funds were returned, though I guess if the identify of the hacker was discovered, I can see how they'd think they had no choice but to do so.  Interesting story.
legendary
Activity: 1834
Merit: 1208
Btc scam is real and am looking forward to a massive campaign and awareness on crypto scam to the general public on the basic steps, strategies and procedures to a successful crypto biz with total zero scam and how to identify the scaming elements on crypto.
Today another history of scam was made through hacking, who else to trust again?
How come you share an article while you even didn't read your article. It's hack on polygon network and they has a control to move all tokens run on that network, there no mentioned about Bitcoin. Polygon is still new and yet need many development of their security, nothing new about DEFI hack.

There's no hack about Bitcoin, what you see is only hack on a service that hold Bitcoin.
hero member
Activity: 2716
Merit: 698
Dimon69
there's an update about the hack. according to the article below the hackers have decided to return the money. looks like the hackers had no choice but to return the funds since they have been Identified. I guess they think that cooperating and returning the funds would reduce whatever sentence they would get.

https://finance.yahoo.com/news/cryptocurrency-poly-network-hackers-return-funds-defi-ethereum-110935552.html
I don't know why but the return of the stolen funds makes me laugh, right now I am losing my breath laughing out loud in the middle of the night because this story is hilarious, never seen hackers turn tail and heed the demands of the victims to return the stolen funds, I guess they don't want to risk going to jail for a long time.

Because there's no way he cash out that money since most of the exchange listed the token that he hack was already notified and already Mark or blacklisted his address. Returning the fund while having an extra payment for returning it as reward is the most efficient way for him to get money and at the same time to avoid jail time. Its not laughable because he will still gonna be rich after this since he find a major flaw on poly network code.
full member
Activity: 1442
Merit: 153
★Bitvest.io★ Play Plinko or Invest!
there's an update about the hack. according to the article below the hackers have decided to return the money. looks like the hackers had no choice but to return the funds since they have been Identified. I guess they think that cooperating and returning the funds would reduce whatever sentence they would get.

https://finance.yahoo.com/news/cryptocurrency-poly-network-hackers-return-funds-defi-ethereum-110935552.html
I don't know why but the return of the stolen funds makes me laugh, right now I am losing my breath laughing out loud in the middle of the night because this story is hilarious, never seen hackers turn tail and heed the demands of the victims to return the stolen funds, I guess they don't want to risk going to jail for a long time.
legendary
Activity: 2436
Merit: 1104
there's an update about the hack. according to the article below the hackers have decided to return the money. looks like the hackers had no choice but to return the funds since they have been Identified. I guess they think that cooperating and returning the funds would reduce whatever sentence they would get.

https://finance.yahoo.com/news/cryptocurrency-poly-network-hackers-return-funds-defi-ethereum-110935552.html
full member
Activity: 140
Merit: 128
Btc scam is real and am looking forward to a massive campaign and awareness on crypto scam to the general public on the basic steps, strategies and procedures to a successful crypto biz with total zero scam and how to identify the scaming elements on crypto.
Today another history of scam was made through hacking, who else to trust again?
This happened on Tuesday 10th of August, 2021 with details below

Quote
|Largest DeFi Hack: $611 Million Stolen from Poly Network
The DeFi team has identified three addresses where the stolen funds have been stored
The vulnerability of blockchain infrastructure has been highlighted again as $611 million worth of cryptocurrencies were siphoned from cross-chain protocol, Poly Network on Tuesday, making it one of the largest crypto heists to date.

Launched by the founder of the Chinese blockchain project Neo, Poly Network enables swapping of tokens on the Binance Smart Chain, Ethereum and Polygon blockchains. All three blockchains were targeted on Tuesdays’ attack.

Poly team has identified and published the three addresses where the attackers stored the stolen funds.

Blockchain scanning platform data of the three addresses shows that $273 million in Ether were stolen, along with $253 million in tokens from the Binance Smart Chain and $85 million in USDC on the Polygon network.

Actions After the Hack
The Poly team has already requested miners to block the transactions originating from the three addresses, and the community is following through. Tether has already blacklisted the USDT tokens on Ethereum that constitute roughly $33 million in the stolen proceeds.

We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses,” the Poly team tweeted.

Additionally, Binance CEO Changpeng Zhao assured coordination with Poly, but highlighted that no one controls the blockchains and ‘there are no guarantees’.

Around an hour after the attack, the hackers tried to move cryptos including USDT through the ETH address in liquidity pool Curve.fi, but the transaction was rejected. However, another $100 million in assets were moved from the Binance Chain and deposited into liquidity pool Ellipsis Finance.

Though the exact way of breaching the protocol security is not yet known, several blockchain investigation companies have already initiated probes. According to Chinese blockchain security firm, BlockSec, the attack might have been triggered with the leak of private keys or through a bug during Poly’s signing process.

Another Chinese security firm, Slowmist, identified that the attackers used the privacy token Monero as their original funds, which obtained the information from its Chinese exchange partner, Hoo. Furthermore, the company claims that it has identified the attackers’ email address, IP information and device fingerprint.

Source link:
https://www.financemagnates.com/cryptocurrency/news/largest-defi-hack-611-million-stolen-from-poly-network/?utm_source=thecryptoapp
Jump to: