One of the biggest cryptocurrency thefts in recent years, hackers stole more than $600 million in the cyberattack, targeting the Poly Network firm.
Hackers exploited a vulnerability in their organization network and took thousands of digital cryptocurrency tokens such as Ethereum, BinanceChain and OxPolygon bitcoins.
Who is Poly Network? and Rise of Decentralized Platform (DeFi):
Poly Network is a decentralized finance DeFi platform industry specialized in transferring cryptocurrency across different blockchains.
A Decentralized platform is a fast emerging space within the crypto firms that focuses to increase traditional financial products without the engagement of any third person.
This enhanced a lot of billions of dollars invested in this platform but also gave rise to new hacks and scams.
According to the cryptocurrency compliance industry, CipherTrace, there is a tremendous spike of cryptocurrency heists in the year 2021, reaching a total of $361 million as of the end of July. That is a threefold increase when compared to the previous year’s estimation.
Poly Network Responds to the Cryptocurrency Theft:
Poly Network responded to this cryptocurrency heist in their official Twitter account and accepted the security breach in their network. They immediately take down all their assets and halt the transactions.
Also, they appeal to the miners of the affected blockchains and crypto exchangers to blacklist tokens coming from the affected addresses.
After a preliminary investigation, Poly Network found the vulnerability where cyber criminals exploited the vulnerability between “contract calls.” This means the hackers found flaws when two programs that automatically carry out transactions on the blockchain were running at the same time.
They urge the hackers to return the stolen cryptocurrency otherwise legal action will be taken as the amount is of the ten of thousands of crypto community members. They added, “The amount of money you have hacked is one of the biggest in DeFi history.”
The Poly network also in a series of tweets requested and offered the hackers a chance to talk to them and work out a solution.
They briefly share the roadmap for reinitiating operations and full recovery phase by phase.
Image Source: Poly Network Official Twitter
Read Must | How hackers attack Kubernetes Cluster via Argo Workflow to deploy Crypto Miners | Discovery, Risks & Mitigations for the exposed Argo Workflow | Click here – Hackers Attack Kubernetes Cluster via Argo Workflow to Deploy Crypto Miners
Hackers Return the CryptoCurrency after Poly Network Statement:
In an unusual turn of incidents, after the Poly Network requested in a series of tweets, hackers started to return half of the stolen cryptocurrency amount.
Hackers sent a message to them embedded in the cryptocurrency transaction that they were ready to return the stolen amount.
The attacker started returning the stolen funds first in small amounts in the online wallets that are managed by Poly Network and later started large deposits in millions.
The hacker returned a total of $342 million of cryptocurrency, confirmed by the Poly Network in a tweet.
But the remaining $268 million of bitcoins is still frozen in an account that requires a key from both Poly Network and a hacker to gain access to it and move the funds.
The suspected hacker also embedded a message in the transaction that will “provide the final key when_everyone_ is ready.”
Hacker claims the Cryptocurrency Heist “for fun”:
The hacker claimed that cryptocurrency theft done in Poly Network is just “for fun” and took it as a challenge.
The hacker sent a few messages embedded in transactions sent by its account.
The attacker wrote- “When spotting the bug, I had a mixed feeling. Ask yourself what to do if you are facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be a traitor given one billion!”
“I can trust nobody!” the person continued. “The only solution I can come up with is saving it in a _trusted_ account while keeping myself _anonymous_ and _safe_.”
The hacker also wrote – “I take the responsibility to expose the vulnerability before any insiders are hiding and exploiting it. I understood the risk of exposing myself even if I don’t do evil. So I used temporary email, IP or _so called_ fingerprint, which were untraceable. I prefer to stay in the dark and save the world.”
The hacker also gave a reason for returning the cryptocurrency – “That’s always the plan! I am _not_ very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?”
Poly Network offered $500,000 to Hacker as Bug Bounty:
A further embedded message sent by the self-proclaimed hacker said that Poly Network offered a $500,000 bounty as a reward if all stolen cryptocurrency funds are returned to them and the firm also ensures that the hacker would not be held accountable for this incident.
Poly Network also confirmed this in their tweet and dubbed the hacker as “White Hat” – a jargon used for an ethical hacker who specializes to expose cyber vulnerabilities and ensure the security of an organization.
In a statement, the Poly Network said – “Mr. White Hat would contribute to the blockchain sector’s continued development upon accepting the $500,000 reward, which it had offered as part of negotiations around the return of the digital coins.”
Image Source: Poly Network Official Twitter
In addition to this, Poly Network announced a separate Bug Bounty Program open for top security agencies with an offering of a total pool of $500,000 with $100,000 for each valid bug report.
Poly Network also tweeted that they don’t have any intention of holding the person who had hacked their network and offered a Chief Security Advisor position in their company, and also a $500,000 bounty reward.
Let’s wait and watch his response to this proposal!
Found this article interesting? Follow DefenseLead on Twitter, Facebook and LinkedIn to read more exclusive content.