There would be no guarantees that the perpetrator of the attack wiould return all of the stolen funds. The analysis firm SlowMist determined the vulnerability of the DeFi Poly Network that was exploited by the hacker. Now the Poly Network Hacker had returned more than US$256 Million in Cryptocurrency.
The attacker who 24 hours ago stole more than 600 million dollars in cryptocurrencies from the DeFi protocol, Poly Network, is now returning part of the stolen digital assets. The service dedicated to decentralized finance and the operation of multiple blockchains, announced today, Wednesday, August 11th, that it established contact with the hacker.
As of this writing, the hacker has returned some US$256 million worth of cryptocurrencies, especially the tokens on the Binance Smart Chain. According to block explorer BscScan, the attacker returned US$119 million in BUSD; $ 86.9 million in Binance Ethereum Token, and another US$47.9 million in BTCB. Another US$2 million in SHIBA was also forwarded.
Earlier, Poly Network reported that the attacker had returned $ 4,772,297. Although the person involved returned a portion of the funds, there would be no guarantee that all of the stolen cryptocurrencies will return. The first tokens returned were distributed as follows:
Cryptocurrencies sent to addresses provided by Poly Network account for less than half of what was stolen. This could be interpreted as a sign of “good faith” from the hacker with the DeFi service to return the rest of the digital assets.
Before the first transfer of funds, the attacker created a token in Polygon called ” The hacker is ready to surrender .” Subsequently, he made four transactions with USD Coin in the aforementioned blockchain for amounts of 1, 100, 10,000, and 1 million dollars.
Upon receiving the first cryptocurrencies, Poly Network sent a message back through another transaction in which it stated: “You are moving things in the right direction. We get 1 + M USDC on Polygon. ‘
Cause of Poly Network attack
The DeFi service launched an investigation into what happened on Tuesday. The first forensic findings suggest that the attacker would have exploited a vulnerability between the so-called ” contract calls ” or contract calls. A contract call refers to when a user requests a specific function of a smart contract.
What happened with Poly Network was analyzed by the blockchain research firm, Slow Mist, which issued a technical report on the event. According to the information security agency, the hacker tapped into the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract.
This action allowed you to perform a role change and build a transaction at will to withdraw any amount of funds from the contract. “It is not the case that this event was caused by the leak of the private key,” added Slow Mist.
As Crypto DeFinance reported what happened with the Poly Network, this would be the most relevant attack in the history of DeFi due to the amount involved. The security of this type of service has been questioned before, which has been reflected in multiple attacks, hacks, and theft of funds.
About Poly Network Protocol
Poly Network is built to implement interoperability between multiple chains to build the next-generation internet infrastructure.
Authorized homogeneous and heterogeneous public blockchains can connect to Poly Network through an open, transparent admission mechanism and communicate with other blockchains. Poly Network has already integrated Bitcoin, Ethereum, Neo, Ontology, Elrond, Ziliqa, Binance Smart Chain, Switcheo, and Huobi ECO Chain.
Application Scenarios of Poly Network
Since DEX bodies are limited by islands of value in terms of different chains, they can only transact using the chain’s native tokens. Cross-chain DEXs can facilitate transactions using all the tokens for any chain, thereby solving the existing limitation.
If Coinbase’s popular project Compound wants to expand its business volume, implementing a cross-chain security deposit feature in place of setting up its ecosystem on every single chain can help it tremendously in implementing a multi-chain borrowing feature.
Considering MakerDao as an example, if MakerDao wants to expand its business to other chain ecosystems they would have to develop a new ecosystem on the new chain. However, using cross-chain technology, they can simply deploy a deposit contract that can lock assets and send a message to the Ethereum chain. The MakerDaocontract on Ethereum verifies the message for legitimacy and then can perform various cross-chain multi-asset staking and deposit operations.