Hackers have stolen $611 million worth of cryptocurrencies from a blockchain-based financial network which is considered to be one of the largest heists targeting the digital asset industry.
Poly Network is a China-based cross-chain decentralized finance (DeFi) platform for swapping tokens across multiple blockchains such as Bitcoin and Ethereum.
The company disclosed that unidentified actors had exploited a vulnerability in its system that led them to successfully transfer Binance Chain, Ethereum, and Polygon assets into their wallets.
Poly Network stated that the hacker exploited a vulnerability between contract calls.
The stolen Binance Chain, Ethereum, and Polygon assets are said to have been transferred to three different wallets. The company is urging miners of affected blockchain and centralized crypto exchanges to blocklist tokens coming from the below mentioned addresses.
The three wallet addresses are: –
- Ethereum: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 ($273 million)
- Binance Smart Chain: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71 ($253 million)
- Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214 ($85 million)
The breakdown of the stolen assets is as follows:
- Ethereum tokens: $273 million
- Binance Smart Chain: $253 million
- Polygon Network (in USDC): $85 million
Tether’s Chief Technology Officer Paolo Ardoino tweeted that the stablecoin company froze $33 million worth of its tokens that were stolen.
Binance CEO Changpeng Zha tweeted that they were aware of the poly.network exploit that has occurred. As no one controls BSC (or ETH), they are coordinating with all their security partners to proactively help.
Poly Network had urged the threat actors to return the stolen cryptocurrency assets as a heist this big is likely to be on law enforcement’s radar.
Today, Poly Network have recovered assets worth around $4.7 million even though it is a tiny chunk of the total stolen amount.
It was reported that the attackers behind the hack have returned $1 million in USD Coin (USDC) on the Polygon blockchain, $1.1 million in BTCB, as well as $2 million in the Shiba Inu ERC-20 token and $622,243 FEI USD stablecoins.
Before sending back the funds, the hacker created a token called “The hacker is ready to surrender” and sent it to the designated Polygon wallet address.
The identity of the hacker remains unclear, but blockchain security firm SlowMist claimed that it was able to trace the attacker email address, IP address, and device fingerprint and that their initial source of funds was in Monero coins, which were then exchanged for ETH, MATIC, and other currencies.
Image Credits : Analytics Insight