Key Takeaways
- Hackers rip $600 million from DeFi protocol Poly Network in massive crypto attack
- The heist is the largest so far in DeFi and crypto space
- Despite the attack, markets remain unaffected
YEREVAN (CoinChapter.com) – In what seems to be the largest decentralized finance security breach recorded, hackers stole over $600 million from cross-chain DeFi protocol Poly Network.
The blockchain-based platform broke the news of the heist on Twitter.
Polygon, Ethereum, and Binance Smart Chain were the major exchanges on which Poly Network was compromised. Attackers mugged over $253 million in tokens on Binance Smart Chain and $266 million in Ethereum tokens. They also took an additional $85 million in USDC on the Polygon network. These numbers could increase as the dust settles.
Recommended: Almost 20K Ether burned since London hard fork; ETH has rallied over 17%
What is the Poly Network?
Poly Network is a computer protocol that allows users to transfer tokens among heterogeneous blockchains. As an interoperability platform, it lets users transfer tokens from their native blockchain to another network. In effect, it acts as a bridge among blockchains.
While the Poly Network has an extensive white paper to dazzle investors, its biggest selling point was its security claim. Well, until now.
While discussing the protocol’s Security Enhancement, the whitepaper reads,
Our protocol is based on cryptography and adds a complex set of mechanisms at the technical and operational levels to enhance the security of cross-chain transactions and interactions.
With the unprecedented attack, Poly Network’s reputation as a protocol that provides inter-chain transactions “in a way that is guaranteed to be atomic and secure” stands compromised.
Recommended: Gold flash crashes as Bitcoin continues the bullish trend
A “Good Samaritan” helps Poly Network hackers
If the hack in itself was not enough to baffle insiders, another user stepped up to share the glory.
After the theft, Tether denylisted $33 million USDT on Ethereum that was stolen. The hackers could no longer move them. Unawares, they tried to frantically transfer the stoled USDT until a user stepped in to help.
Going under the name hanashiro.eth, the user, sent a warning to the attackers.
“DON’T USE YOUR USDT TOKEN. YOU VE GOT BLACKLISTED”, he wrote.
His friendly advice didn’t go unrewarded. In a comical turn of events, the hackers tipped him $42,000 worth of ETH for his gesture.
What followed was a floodgate of messages to the account by hopeful users trying to benefit from their generosity.
Recommended: How Sovryn is bringing DeFi back to the Bitcoin blockchain
Oh look, it is DeFi again!
While the news may have surprised amateur investors, market insiders are getting used to such information. Decentralized Finance has become synonymous with crypto hacks.
According to the “Cryptocurrency Crime and Anti-Money Laundering Report” by CipherTrace, DeFi-related hacks constitute 76% of major hack volume in the crypto space in 2021. In monetary terms, that amounts to over $361 million.
In addition, the report suggests DeFi-related fraud makes up 54% of major crypto fraud so far this year. When it comes to crypto hacks, DeFi has earned a market reputation.
Poly Network hack makes a case for DeFi regulation
Surprisingly, despite the major hit, the markets remained largely unaffected.
As the Binance Chief took to Twitter to inform of further developments, Poly Network said something that would be music to Gary Gensler’s ears.
“We will take legal actions, and we urge the hackers to return the assets.”, the company tweeted.
Earlier this month, the US Securities and Exchange Commission chair, Gary Gensler, argued for watchdogs to get additional powers to protect investors from suspicious activity on DeFi platforms.
In his remarks before the Aspen Security Forum, Gensler had said,
“Right now, we just don’t have enough investor protection in crypto. Frankly, at this time, it’s more like the Wild West. This asset class is rife with fraud, scams, and abuse in certain applications.”
While Blockchain security firm SlowMist claimed it already tracked down the attacker’s ID, the hackers have made a brilliant case for strict regulations.
