IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers lift $610m in cryptocurrency from Poly Network

The company has pleaded with the hackers to return the stolen tokens

Blockchain platform Poly Network has fallen victim to what is likely to be the largest cryptocurrency heist in history, with hackers making away with over $610 million (£440 million) worth of Ether, Binance, and USDC tokens.

The attack, which took place on Tuesday, saw cyber criminals exploit a vulnerability in Poly Network’s contract system, with the company confirming the news on its Twitter account.

Hours later, the blockchain platform announced that it had “located the cause of the vulnerability” following a “preliminary investigation”.

“The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumoured,” the company stated.

Cyber security researchers from SlowMist, which focuses on blockchain ecosystem security, said that the hacker took advantage of the _executeCrossChainTx function in order “to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract”.

SlowMist researchers denied that the attack might have been caused by a stolen password, in a blog post detailing the attack.

“It is not the case that this event occurred due to the leakage of the keeper’s private key,” the team stated.

Related Resource

How to reduce the risk of phishing and ransomware

Top security concerns and tips for mitigation

Large letter 'O' against a background of a city - whitepaper from MimecastFree download

Poly Network seemed to agree with SlowMist’s analysis by sharing the blog post with its Twitter followers. It also urged the hackers to “establish communication” to return the stolen $600 million worth of digital tokens in an open letter:

“The amount of money you have hacked is one of the biggest in defi [decentralised finance] history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. The money you stole are [sic] from tens of thousands of crypto community members, hence the people. You should talk to us to work out a solution,” the company said in the note.

By 1pm BST, it also confirmed that the hackers had so far returned $4.7 million (£3.4 million) worth of digital currency.

Poly Network also asked “miners of affected blockchain and crypto exchanges to blacklist tokens” associated with the following address: BSC:0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71.

Prior to Tuesday’ hack, the attack on cryptocurrency exchange and wallet Coincheck in 2018 was seen as the largest cryptocurrency heist to date. However, the amount stolen from Poly Network is around $80 million higher than the $532 million plundered from Coincheck.

Poly Network wasn’t immediately available for comment.

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
What is shoulder surfing?
social engineering

What is shoulder surfing?

10 Jun 2022
CIAM buyer’s guide
Whitepaper

CIAM buyer’s guide

6 Jun 2022

Most Popular

Raspberry Pi launches next-gen Pico W microcontroller with networking support
Hardware

Raspberry Pi launches next-gen Pico W microcontroller with networking support

1 Jul 2022
Universities are fighting a cyber security war on multiple fronts
cyber security

Universities are fighting a cyber security war on multiple fronts

4 Jul 2022
Hackers claim to steal personal data of over a billion people in China
data breaches

Hackers claim to steal personal data of over a billion people in China

4 Jul 2022