Jump to content
  • Over $600 million reportedly stolen in cryptocurrency hack


    Karlston

    • 697 views
    • 4 minutes
     Share


    • 697 views
    • 4 minutes

    Over $611 million has reportedly been stolen in one of the largest cryptocurrency hacks.

     

    Decentralized cross-chain protocol and network, Poly Network announced today that it was attacked with cryptocurrency assets having successfully been transferred into the attackers' wallets.

    Largest DeFi hack to date: $611 million stolen

    Today, Poly Network announced getting hit by a major attack that led to attackers having successfully transferred Binance Chain, Ethereum, and Polygon assets into their wallets:

     

     

    The Block estimates that the value of stolen assets to be at least $611 million, making this the largest DeFi hack thus far.

     

    Poly Network was created by a collaboration between multiple blockchain providers, namely, Neo, Ontology and Switcheo to enable users to exchange tokens across different crypto platforms, including Bitcoin and Ethereum.

     

    The attacker wallet addresses associated with this incident are:

     

    ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
    BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
    Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214

     

    The breakdown of the stolen assets is as follows:

     

     

    Centralized stablecoin provider Tether has since blacklisted the USDT on Ethereum—worth $33 million of tokens, that was stolen in this attack.

     

    "We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses. @Tether_to @circlepay."

     

    "We will take legal actions and we urge the hackers to return the assets," stated Poly Network in the same Twitter thread.

     

    Binance CEO, Changpeng Zhao also tweeted that the company was coordinating with security partners to remediate the situation but that there are no guarantees:

     

     

    The Block research team's Igor Igamberdiev believes the hack was caused due to a cryptography issue, which is a rare happening when it comes to cryptocurrency protocols.

     

    "It may have been similar to the Anyswap exploit, which saw $7.9 million stolen due to a hacker reversing the private key," surmised Igamberdiev.

     

    Blockchain security firm SlowMist claims they were able to trace the attacker's ID and have identified the attacker's email address, IP address, and device fingerprint.

     

    According to SlowMist, the attacker transacted in Monero (XMR) originally and exchanged the funds later for BNB, ETH, MATIC, and other tokens used to fund the attack.

     

    The complete damage and implications resulting from this incident are yet to be found out, but networks and pools relying on Poly Network may have to suspend their operations.

     

    That has already been the case with the O3 trading pool that uses Poly Network. O3 has halted its cross-chain functionality.

    Users posting money laundering tips

    Following the attack, BleepingComputer has come across transactions sent to the attacker with tips on how to launder the money and requests for free cryptocurrency.

     

    Some of the tips appear to be from threat actors or other scammers on ways the stolen funds can be laundered:

     

    defi-hack-tips.jpg

    Transactions have odd comments providing money laundering tips (BleepingComputer)

    Another tip was sent by a user warning the hacker not to transfer the USDT tokens as they have been blacklisted:

     

    wallet-usdt.jpg

    Another transaction with hint that the blacklisted USDT token should not be used

    In return for the tip to not transfer blocklisted USDT, the threat actor sent the user 13.37 Ethereum tokens (the amount being an innuendo for "leet") worth $41,474.41, as seen by BleepingComputer.

     

    After receiving the money, the tipper began donating 1.337 ETH tokens or $4,148.32 to Binance Charity [transaction], Archive.org [transaction], Etherscan [transaction], and infura.io [transaction].

     

    Other transaction comments seen by BleepingComputer are from people asking the threat actor to send them free cryptocurrency.

     

    "I come from a remote and impoverished Guizhou mountainous area in China, and I need money to study for my sister. My sister's name is July, and I thank you for her! Robinson," read another tip seen by BleepingComputer.

     

    "Respected Hacker... I'm a father of three, and my wife is in chemo for cancer. I sold my house and the car. Deposit O3 hopes to provide medical expenses for my wife, and help me better take care of them, but today your behavior causes me to bankrupt, I hope you can give me money 5 eth. 0xe3D....0b03c," read yet another comment.

     

    This is a developing story.

     

     

    Over $600 million reportedly stolen in cryptocurrency hack


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...