Poly Network Hack: Noble Mr. White Hat

Poly Network Hack: Noble Mr. White Hat

On August 10, 2021, the hacker committed the largest heist in history, stealing $ 613 million worth of cryptocurrencies from the Poly Network token exchange platform.

In the immediate aftermath of these events, some investors began to concern their Polygon (MATIC). Although there were absolutely no grounds for such concerns. The confusion came from the similarity in the name. Polygon is a protocol and platform for building and connecting blockchain networks compatible with Ethereum. And it has nothing to do with Poly Network.

Let’s take a look at poly network vs polygon comparison and consider the poly network hack case.

What is Poly Network

Poly Network is a Decentralized Finance (DeFi) platform that simplifies token transfer or exchange transactions between different blockchains. For example, clients use the Poly Network to transfer BTC from the Ethereum blockchain to the Binance.

It is not known where the Poly Network platform is located or who operates it. 

How tokens were stolen

The Poly Network is powered by the Binance Smart Chain, Ethereum, and Polygon blockchains. Tokens are exchanged between blockchains using a smart contract that contains instructions on when to transfer assets to counterparties.

According to the company CipherTrace, one of the smart contracts supports a large amount of liquidity so that users can exchange tokens in large volumes. A preliminary investigation into the theft showed that hackers exploited a vulnerability in this smart contract.

The hacker reprogrammed the settlement instructions for each of the three blockchains and redirected funds to the addresses of the three wallets for storing tokens. The wallets were later tracked and published by the Poly Network.

The hacker stole funds in more than 12 cryptocurrencies.

Where did the money go

Mr. White Hat returned all the money he had stolen to Poly Network. He began to make a return on August 11, 2021. The first transaction included $ 260 million and consisted of $ 3.3 million in Ethereum, $ 256 million in Binance Smart Chain, and $ 1 million in Polygon.

A day later, Poly Networks announced the return of a total of $ 342 million (including the first tranche). At that time, the attacker had $ 268 million in Ethereum at his disposal.

In the following days, the hacker made several more transfers in favor of Poly Network. On August 24, 2021, he gave the exchange access to a crypto wallet with the last $ 141 million on it.

What the hacker wanted to achieve

According to the man who identified himself as Mister White Hat, from the very beginning, he only wanted to prove that there are vulnerabilities in the Poly Network. The exploitation of which could lead to the loss of gigantic sums. He also sought to publicize the information about the presence of vulnerabilities so that the IT specialists of the exchange could not fix it secretly from the public.

The hacker claims that his plan included stealing the money. Still, he wanted it back initially, as he had “little interest in it.” However, co-founder of London-based blockchain security analyst firm Elliptic, Tom Robinson, disagrees. In his opinion, the main goal of the cybercriminal was precisely financed. Still, he quickly realized that he would not recognize these assets in any way since he had attracted too much attention. Then he decided to “show nobility” and return the stolen goods.

Theft reward

Three days later, the exchange offered the hacker a reward of $ 500,000 for the vulnerability found. Mr. White Hat initially turned down a generous offer from Poly Network. However, Poly Network even thanked him for finding the vulnerability. He named the reason for the refusal the same – his goal was just hacking, not money, albeit in a reward.

What made the cybercriminal change his mind and still take the reward offered to him later is unknown. He asked for the money to be transferred in 160 ETH to the account he indicated.

As a token of gratitude and in addition to the reward, the exchange invited the hacker to become its top security advisor. The company also said it did not intend to bring him to legal responsibility.

Crypto exchanges are insecure

Clients of modern crypto exchanges run the risk of losing all their money due to hacking every minute. These exchanges are increasingly attracting the attention of hackers. 

Here are the primary reasons for insecurity over the past year:

1) Liquid was hacked in mid-August 2021. Cybercriminals deprived its clients of assets worth $ 91 million. Unlike Mister White Hat, they are in no hurry to return the loot.

2) In December 2020, attackers hacked the Russian cryptocurrency exchange Livecoin. As CNews reported, due to the hack, the rate of all cryptocurrencies on this exchange began to grow at an incredibly high speed. The same bitcoin in just a few hours rose to $ 2 million. Immediately after the incident, the owners of Livecoin announced a temporary suspension of the exchange.

3) In January 2021, Livecoin finally ceased to exist. On the day the exchange closed, the founders promised to return all of their funds to users. However, there was one caveat – the creators of Livecoin said that only those who apply before March 17, 2021, would receive money. Those who did not fulfill this simple condition lost their tokens forever.

4) Also, the direct owners of these services can rob clients of crypto exchanges. This is what the founder of the Turkish cryptocurrency exchange Thodex did. At the end of April 2021, he fled the country. He took with him almost $ 2 billion in cryptocurrency belonging to users of his exchange.

5) In June 2021, the creators of the African crypto exchange Africrypt were inspired by his example. They disappeared into thin air, grabbing almost $ 2.3 billion of users’ BTC.