In a shocking turn of events, Poly Network, a decentralized Cryptocurrency platform announced Tuesday night, that $600 Million in cryptocurrency was stolen in what many consider the largest theft in the industry.
Poly Network is a platform that focuses on peer-to-peer transactions of cyber currency market. They do this by allowing multiple transaction across multiple networks and markets. The hacker, who claimed they were doing this for fun, was able to exploit a vulnerability in the contracts these companies used in the transactions. In their words, the attacker, a purported white hat or “good guy” hacker, said. "I take the responsibility to expose the vulnerability before any insiders hiding and exploiting it!" the attacker wrote. "I understood the risk of exposing myself even if I don't do evil. So I used temporary email, IP or _so called_ fingerprint, which were untraceable. I prefer to stay in the dark and save the world."[1]
While the hack had successfully stolen the funds, Poly Network acted quickly to contain the hack. They blacklisted several addresses that the assets could have been used at, while those who used the service has followed with one company freezing the assets within twenty minutes of finding out. In addition, Poly has set up addresses of which the hacker could return the assets. As of Noon Wednesday, $261 million had been returned with more expected to be returned.[2]
In an unusual twist, Poly Network has offered an olive branch to the hacker. They offered a $500K bug bounty to return most of the funds they had stolen and offered to make him their chief security advisor. The idea of hiring a former hacker for security is not unheard of, as many former cybercriminals have set up security firms and or recruited by various entities including governments. The bounty is normally given to hackers who found major bugs in their systems. As of this writing, all but $33 Million had been returned. The hacker dubbed “Mr. White Hat,” says he won’t return the rest until everyone is ready to actually protect their assets. About a third of the $600 million is still behind a passkey that both Poly Network and he need to input. [3]
What this hack and robbery showed was that cryptocurrency is extremely vulnerable to breaches and can easily end up costing billions. While this hack was done with the best of intentions, it still shows that this an extremely valuable commodity to malicious actors due to their untraceable nature.
[1] https://www.cnn.com/2021/08/11/tech/crypto-hack/index.html
[2] https://www.reuters.com/technology/defi-platform-poly-network-reports-hacking-loses-estimated-600-million-2021-08-11/
[3] https://www.cnbc.com/2021/08/17/poly-network-cryptocurrency-hack-latest.html