Someone Stole $600 Million in a Cross-Chain Hack

Over $600 million is confirmed to have been taken, but the full extent of the damage is still unknown.

Key Takeaways

Poly Network has been hacked resulting in over $600 million worth of losses.

Funds across Ethereum, Binance Smart Chain, and Polygon have been affected.

The hack appears to be the result of a vulnerability between contract calls.

Cross-chain protocol Poly Network has informed users of an exploit resulting in over $600 million worth of assets being taken by hackers.

The Biggest Hack in Crypto History 

In a tweet posted Tuesday, Poly Network revealed that it had fallen victim to a hack resulting in the loss of over $600 million worth of assets across the Binance Smart Chain, Ethereum mainnet, and the Polygon network. 

Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71

— Poly Network (@PolyNetwork2) August 10, 2021

Poly Network lists the addresses where funds were transferred to in the same Twitter thread, requesting that miners and crypto exchanges blacklist tokens coming from the hacker’s addresses. Additionally, Poly Network has threatened legal action, urging the hackers to return all assets taken. 

Estimates of the amount taken vary, with at least $264 million stolen on Ethereum, $250 million from the Binance Smart Chain, and a further $85 million on Polygon. As Poly Network is a multi-chain protocol used by many projects, the full extent of the damage may not have been identified yet.

As news of the hack circulated online, members of the crypto community were quick to act. Moments before the hacker attempted to deposit the stolen funds into Curve Finance, Tether CTO Paolo Ardoino blacklisted the hacker’s address, freezing the USDT funds. Unfortunately, the hacker still managed to transfer some USDC funds into Curve’s stablecoin pool, making a recovery near impossible. 

. @Tether_to just froze ~33M $USDt on 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 as part of the #PolyNetwork hack https://t.co/EviPTAkQJD

— Paolo Ardoino (@paoloardoino) August 10, 2021

The Poly Network team have since confirmed in a tweet that the cause of the hack was a vulnerability between contract calls, not a compromised keeper’s key as was previously rumored. 

After preliminary investigation, we located the cause of the vulnerability. The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumored.

— Poly Network (@PolyNetwork2) August 10, 2021

While the Poly Network hack looks to be one of the largest hacks in cryptocurrency history, it may also rank highly compared to the biggest heists of all time. Only one other incident looks to have resulted in more money lost when Saddam Hussein’s son stole $930 million from the Bank of Iraq days before the Iraq invasion in 2003. While not technically heists, exit scams have also resulted in large amounts of cryptocurrency being lost. In June, the founders of the South African exchange Africrypt disappeared with over $3.6 billion worth of Bitcoin, making it one of the biggest thefts in history. 

Disclaimer: At the time of writing this feature, the author owned BTC and ETH.

Update: This story has been updated with information regarding how the hack occurred.

Disclaimer Read More Read Less

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

Source: cryptobriefing.com