Hackers lift $610m in cryptocurrency from Poly Network

The company has pleaded with the hackers to return the stolen tokens

Blockchain platform Poly Network has fallen victim to what is likely to be the largest cryptocurrency heist in history, with hackers making away with over $610 million (£440 million) worth of Ether, Binance, and USDC tokens.

The attack, which took place on Tuesday, saw cyber criminals exploit a vulnerability in Poly Network’s contract system, with the company confirming the news on its Twitter account.

Hours later, the blockchain platform announced that it had “located the cause of the vulnerability” following a “preliminary investigation”.

“The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumoured,” the company stated.

Cyber security researchers from SlowMist, which focuses on blockchain ecosystem security, said that the hacker took advantage of the _executeCrossChainTx function in order “to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract”.

SlowMist researchers denied that the attack might have been caused by a stolen password, in a blog post detailing the attack.

“It is not the case that this event occurred due to the leakage of the keeper’s private key,” the team stated.

Related Resource

How to reduce the risk of phishing and ransomware

Top security concerns and tips for mitigation

Large letter 'O' against a background of a city - whitepaper from MimecastFree download

Poly Network seemed to agree with SlowMist’s analysis by sharing the blog post with its Twitter followers. It also urged the hackers to “establish communication” to return the stolen $600 million worth of digital tokens in an open letter:

“The amount of money you have hacked is one of the biggest in defi [decentralised finance] history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. The money you stole are [sic] from tens of thousands of crypto community members, hence the people. You should talk to us to work out a solution,” the company said in the note.

By 1pm BST, it also confirmed that the hackers had so far returned $4.7 million (£3.4 million) worth of digital currency.

Poly Network also asked “miners of affected blockchain and crypto exchanges to blacklist tokens” associated with the following address: BSC:0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71.

Prior to Tuesday’ hack, the attack on cryptocurrency exchange and wallet Coincheck in 2018 was seen as the largest cryptocurrency heist to date. However, the amount stolen from Poly Network is around $80 million higher than the $532 million plundered from Coincheck.

Poly Network wasn’t immediately available for comment.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

Improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

UK's first government cyber strategy aims to bolster public sector defences
cyber security

UK's first government cyber strategy aims to bolster public sector defences

25 Jan 2022
IT Pro Podcast: Learning to live with risk
Sponsored

IT Pro Podcast: Learning to live with risk

25 Jan 2022
Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021

Most Popular

Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022