In what may be the largest attack in decentralized finance, or DeFi, unknown hackers used an exploit on cross-chain protocol Poly Network to remove at least $600 million from three chains.
According to a Tuesday update on Twitter, Poly Network said the attacks had removed assets from Binance Chain, Ethereum and the Polygon network. Blockchain data from the respective networks shows the hackers stole roughly $273 million from Ethereum, $85 million in USD Coin (USDC) from the Polygon network, and $253 million from the Binance Smart Chain. Poly also reported renBTC, wrapped Bitcoin (WBTC), and wrapped Ether (WETH) were involved in the exploit, which used "a vulnerability between contract calls."
Chinese cybersecurity firm SlowMist posted an update shortly after news of the hack broke, saying its analysts had identified the attacker's email address, IP address, and device fingerprint, but did not reveal that information. The firm said it used data provided by the Hoo exchange and other firms to determine that the hacker’s initial source of funds was in Monero (XMR), which was changed to Binance Coin (BNB), Ether (ETH), and MATIC.
"Combined with the flow of funds and multiple fingerprint information, it can be found that this is likely to be a long-planned, organized and prepared attack," said SlowMist.
The hacker also posted at least three bizarre messages through transaction records on Ethereum. According to data from Etherscan, they are considering returning some of the stolen funds after seemingly being unable to move some tokens. They seemed to be asking the community for help in laundering the digital assets through tumbling service Tornado, and proposed the DAO should decide where the tokens will go:
"It would have been a billion hack if I had moved remaining shitcoins! Did I just save the project? Not so interested in money, now considering returning some tokens or just leaving them there."
Figures from DeFi and the crypto space also stepped up to offer assistance and support. OKEx CEO Jay Hao said that the exchange’s team was “watching the flow of coins" and would try to manage the situation. Tether CTO Paolo Ardoino reported that the project had frozen roughly $33 million in Tether (USDT) from one of the affected addresses, while Binance CEO Changpeng Zhao said the crypto exchange was coordinating with security partners “to proactively help” following the hack.
Launched last year, Poly Network is a collaborative project from Ontology, Neo and Switcheo to bring a “heterogeneous interoperability protocol alliance,” integrating the blockchains into the larger cross-chain ecosystem. The protocol allows users to swap tokens across different blockchains.