Complex Made Simple

The weird crypto theft case of Poly Network in a growing attack landscape

Poly Network lets users swap tokens from one digital ledger to another. Someone exploited a flaw in its code, which allowed the transfer of the assets to a hacker's own crypto wallets. That hacker later returned almost all of it back

It started off with a hacker exploiting a vulnerability to steal $600 million.
The hackers stole about $267 mn of Ether, $252 mn of Binance coins, and $85 mn in USDC tokens.
The hacker took the unusual step of returning most of the stolen money, bar $33 million.

It started off with a hacker exploiting a vulnerability to steal $600 million from a blockchain finance platform in what could be one of the largest cryptocurrency thefts to date, surpassing the $534.8 mn in digital coins stolen from Japanese exchange Coincheck in a 2018 attack and the estimated $450 million worth of bitcoin that went missing from Tokyo-based exchange Mt. Gox in 2014.

Poly Network lets users swap tokens from one digital ledger to another. Someone exploited a flaw in Poly Network’s code which allowed them to transfer the assets to their own crypto wallets.

The makers of Poly Network, a DeFi (decentralized finance) platform that works across blockchains, recently confirmed the massive cryptocurrency theft.

What followed was an appeal by Poly Network to "return the hacked assets."

“Law enforcement in any country will regard this as a major economic crime and you will be pursued. It is very unwise for you to do any further transactions. The stolen monies are from tens of thousands of crypto community members. You should talk to us to work out a solution,” the Poly Network team said. 

Later, a small amount of the funds, close to $1 mn, was returned.

A little later, it posted again saying: “So far, we have received a total value of $4,772,297.675 assets returned by the hacker. ETH address: $2,654,946.051 BSC address: $1,107,870.815 Polygon address: $1,009,480.809.”

Per Wall Street Journal’s MarketWatch, the CTO of stablecoin company Tether, Paolo Ardoino, said the company froze $33 mn of its tokens lost in the Poly Network attack. 

The hackers stole about $267 mn of Ether, $252 mn of Binance coins, and $85 mn in USDC tokens. 

What happened next was really strange.

Poly Network is now inviting the hacker behind it to become an advisor to the firm, and promising a $500,000 reward for the restoration of user funds.

“To extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr. White Hat to be the Chief Security Advisor of Poly Network,” the firm said in a statement.

By the time of the announcement, the hacker had taken the unusual step of returning most of the stolen money, with $33 million of cryptocurrency still unreturned.

Worth mentioning is the fact that over $200 million of the funds are currently locked in an account that requires passwords from both Poly Network and the hacker to gain access.

Poly Network has pleaded with the hacker, who it is calling “Mr. White Hat,” to provide the password or private key necessary to retrieve the money.

“Mr. White Hat” is a reference to ethical hackers who search for vulnerabilities in organizations’ systems that could expose them to attacks.  

Poly Network had offered a $500,000 "bug bounty" for returning all of the money. Such bounties are typically paid to people who report bugs to help companies find and resolve flaws before they are disclosed to the general public.

A sharp jump in attacks on crypto

PhishLabs, a provider of Digital Risk Protection solutions, recently released its Quarterly Threat Trends and Intelligence Report. Overall, the first half of 2021 shows a 22% increase in the volume of phishing attacks over the same period last year.

“Bad actors continue to utilize phishing to fleece proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single-sign-on,” says John LaCour, Founder and CTO of PhishLabs.

In Q2, phishing attacks on the cryptocurrency sector increased tenfold over the previous quarter of 2021. Notably, brand, executive, and employee impersonation attacks together accounted for more than half (54.7%) of all social media attacks on the cryptocurrency sector. Threat actors are impersonating cryptocurrency businesses to confuse customers and cash in on the sector's skyrocketing growth, on a medium where the majority of the industry's communications take place.

Since the beginning of 2021, the average business has experienced approximately 34 attacks on social media per month. By June, however, this number rose to closer to 50, a 47% increase over the first half of 2021.

The report also shows an increasing pattern of threat actors targeting accounts used for single sign-on (SSO): 45% of phishing sites targeted accounts that are commonly used for SSO.