Poly Network Suffers Largest Crypto Hack Ever Recorded
Standoff between Poly Network and Hacker over keys to multisig wallet
Aug 18 Update:
In an August 17 Medium article, the Poly Network team announced that they had offered the hacker, whom they refer to as “Mr. White Hat,” the position of Chief Security Officer along with a $500,000 bounty for identifying the exploit. In the post, the team declared they have “no intention of holding Mr. White Hat legally responsible.”
While the hacker has so far refused the position and the bounty, the ordeal is far from over. While a majority of the funds had been returned in the days following the attack, a large portion of the returned funds—about $235 million—remain in a multisig A wallet is a device (a hardware device, a program, or servi... More under the control of Poly Network and the hacker. This means that Poly Network cannot move the funds out of this wallet without the hacker’s private keys.
Despite the hacker ignoring the $500,000 bounty offer, Poly Network decided they could still send the funds (160 ETH) to an In a cryptocurrency context, an address is a cryptographic k... More under the hacker’s control anyway, as disclosed in another on-chain message.
The hacker responded on-chain, challenging Poly Network’s motives and stating he is not ready to publish the private keys this week.
In their response, Poly Network stated they would still donate the 160 ETH to the hacker, continuing to plead that the hacker release the private keys as soon as possible.
On August 10, Poly Network suffered a $612 million hack—the largest crypto-related hack to date. Where the typical DeFi hack is against specific DeFi instruments, resulting in much smaller losses, in this case the attack was against Poly Network’s infrastructure, focusing on the DeFi platform itself and targeting control of the decentralized exchange’s (DEX) A smart contract is a computer protocol intended to digitall... More. As a result, the main cross-chain contract became completely controlled by the hacker, allowing him to unlock tokens that were supposed to be locked within the contract, send the tokens to addresses under their control, and then repeat the attack across chains.
How Poly Network was hacked
Poly Network acts as a cross-chain interoperability bridge to facilitate the transfer of tokens between two relatively independent blockchains. As such, one of their main Poly Network smart contracts is the bridge itself. In order for bridges between chains to act effectively (e.g. for users to be able to use the network to transfer tokens across chains), they need to maintain large sums of liquidity. Whenever a user wants to “bridge” between chains Poly Network needs to efficiently burn/mint the equivalent assets on the respective chains.
The contract that issues these cross-chain token transfers uses “keepers” to verify and execute the transactions. Once the keeper signs on the source chain the CrossChainManager contract on the destination chain will check the Keeper’s signature for validity and execute the equivalent on the destination chain to complete the “bridge”.
Since the smart contract executes the transactions and not the user themselves, the hacker was able to exploit the CrossChainManager smart contract and swap the “keepers” for a malicious keeper under their control. As a result, the main cross-chain contract on the Poly Network became completely controlled by the hacker, allowing him to unlock tokens that were supposed to remain locked within the bridge contract and move the tokens to addresses under his control. The hacker then replicated the attack across chains.
Who are the real victims of the Poly Network hack?
As a result of the hacker’s actions, users’ funds that were “locked” in these contracts suffered the true loss. While specific individuals tokens were not taken, by removing such a large amount locked in the protocol, Poly Network would no longer have the liquidity to support a large scale exodus if all users wished to pull their funds from the contracts. However, because of the decentralized nature of DeFi, the lack of any KYC processes and cross-border reach means identifying who the real victims are and where they are located is nearly impossible.
Overall, it’s a sophisticated exploit to a poorly designed smart contract, with the “risk” and “behavior” affecting the users of Poly Network. The investors are the true victims not Poly Network themselves. Arguably, Poly Network shares responsibility with the hacker by not ensuring the quality of their smart contract thereby exposing investors to significant risk.
There is currently no indication that the Poly Network code had ever received an audit. Searching through the protocol’s GitHub repos did not indicate any audits had been performed or reported.
Poly Network hacker returns the stolen funds
Much to the surprise of those monitoring the Poly Network theft, on August 11 the attacker began returning some of the stolen funds. This left many over the internet to wonder—why?
In all the swapping the hacker has done in an effort to obfuscate their trail, it appears the hacker had at one point reused a wallet that already had previous transactions with some prominent exchanges that could have identifying “know your customer” (KYC) information on him.
There are claims of the hacker potentially being a white hat, given the returning of funds. However, it is extremely unlikely that a white hat would have taken the same steps to attempt to obfuscate the funds trail if they had always intended on returning the money.
At the time of this blog, CipherTrace has confirmed nearly all funds have been returned to Poly Network into the addresses they had developed specifically for the hacker to return the funds. These addresses are:
Funds frozen August 10 (day of hack)
$33M USDT frozen
Funds returned August 11
Poly contract: $85 million USDC
BSC contract: $256.2 million in 3 major tokens (mostly BTCB, Binance pegged ETH, BUSD) and $2.637 million in BNB
Ethereum contract: $3.4 million in SHIB, renBTC, and Fei
Funds returned August 12
Ethereum contract: $96.9 in DAI, $47.8 in WBTC, $93M in ETH
The repercussions of such a large DeFi hack
Lawmakers will expedite implementation of DeFi regulations, especially as the number of DeFi hacks spirals, as epitomized by this latest Poly Network hack. Ultimately, regulators are likely to classify decentralized exchanges (DEXs) as The term "virtual asset" refers to any digital representatio... More service providers (VASPs) in accordance with the FATF’s recommendations. FinCEN is likely to classify DEXs as Money Service Businesses (MSBs), which means DEXs and other DeFi applications will be required to meet Anti-Money Laundering (AML) rules are in place to help prote... More and KYC obligations. I would also expect the CFTC to regulate DeFi communities and the SEC to regulate DeFi securities regulations.
In addition smart contract quality standards will become more rigorous, audit standards will emerge. Further, the DeFi “insurance market” will evolve and mature that can adequately evaluate and under right DeFi technical risks.
DeFi hacks approach $2 billion for the year—what’s next?
This hack exemplifies the importance of smart contract security and audit standards to assure the quality and reduce vulnerabilities in the code.
According to our latest Cryptocurrency Crime and Anti-Money Laundering Report, by the end of August the DeFi-hack volume netted by criminals in 2021 make up $361 million. Today this number has nearly tripled as DeFi hacks now make up $994 million, making up 90% of all of 2021’s hack volume which tops just over $1.1 billion.
As DeFi hacks and fraud continue to grow exponentially quarter over quarter, the future of DeFi crime appears grim if the trend is to continue. If DeFi crimes continue to grow more sophisticated, as previewed by the Poly Network hack, smart contracts are likely to be increasingly targeted for larger scale attacks.
On August 11 the hacker held an “on-chain” Q&A. The following can be viewed by decoding the input data on some of his transactions.
Q & A, PART ONE:
Q: WHY HACKING?
A: FOR FUN :)
Q: WHY POLY NETWORK?
A: CROSS CHAIN HACKING IS HOT
Q: WHY TRANSFERING TOKENS?
A: TO KEEP IT SAFE.
WHEN SPOTTING THE BUG, I HAD A MIXED FEELING. ASK YOURSELF WHAT TO DO HAD YOU FACING SO MUCH FORTUNE. ASKING THE PROJECT TEAM POLITELY SO THAT THEY CAN FIX IT? ANYONE COULD BE THE TRAITOR GIVEN ONE BILLION! I CAN TRUST NOBODY! THE ONLY SOLUTION I CAN COME UP WITH IS SAVING IT IN A _TRUSTED_ ACCOUNT WHILE KEEPING MYSELF _ANONYMOUS_ AND _SAFE_.
NOW EVERYONE SMELLS A SENSE OF CONSPIRACY. INSIDER? NOT ME, BUT WHO KNOWS? I TAKE THE RESPOSIBILITY TO EXPOSE THE VULNERABILITY BEFORE ANY INSIDERS HIDING AND EXPLOITING IT!
Q: WHY SO SOPHISTICATED?
A: THE POLY NETWORK IS DECENT SYSTEM. IT’S ONE OF THE MOST CHALLENGING ATTACKS THAT A HACKER CAN ENJOY. AND I HAD TO BE QUICK TO BEAT ANY INSIDERS OR HACKERS, I TOOK IT AS A BONUS CHALL :)
Q: ARE YOU EXPOSED?
A: NO. NEVER. I UNDERSTOOD THE RISK OF EXPOSING MYSELF EVEN IF I DON’T DO EVIL. SO I USED TEMPORARY EMAIL, IP OR _SO CALLED_ FINGERPRINT, WHICH WERE UNTRACABLE. I PREFER TO STAY IN THE DARK AND SAVE THE WORLD.
Q & A, PART TWO:
Q: WHAT REALLY HAPPENED 30 HOURS AGO?
A: LONG STORY.
BELIEVE IT OR NOT, I WAS _FORCED_ TO PLAY THE GAME.
THE POLY NETWORK IS A SOPHISTICATED SYSTEM, I DIDN’T MANAGE TO BUILD A LOCAL TESTING ENVIRONMENT. I FAILED TO PRODUCE A POC AT THE BEGINNING. HOWEVER, THE AHA MOMEMNT CAME JUST BEFORE I WAS TO GIVE UP. AFTER DEBUGGING ALL NIGHT, I CRAFTED A _SINGLE_ MESSAGE TO THE ONTOLOGY NETWORK.
I WAS PLANNING TO LAUNCH A COOL BLITZKRIEG TO TAKE OVER THE FOUR NETWORK: ETH, BSC, POLYGON & HECO. HOWEVER THE HECO NETWORK GOES WRONG! THE RELAYER DOES NOT BEHAVE LIKE THE OTHERS, A KEEPER JUST RELAYED MY EXPLOIT DIRECTLY, AND THE KEY WAS UPDATED TO SOME WRONG PARAMETERS. IT RUINED MY PLAN.
I SHOULD HAVE STOPPED AT THAT MOMENT, BUT I DECIDED TO LET THE SHOW GO ON! WHAT IF THEY PATCH THE BUG SECRETLY WITHOUT ANY NOTIFICATION?
HOWEVER, I DIDN’T WANT TO CAUSE _REAL_ PANIC OF THE CRYPTO WORLD. SO I CHOSE TO IGNORE SHIT COINS, SO PEOPLE DIDN’T HAVE TO WORRY ABOUT THEM GOING TO ZERO. I TOOK IMPORTANT TOKENS (EXCEPT FOR SHIB) AND DIDN’T SELL ANY OF THEM.
Q: THEN WHY SELLING/SWAPPING THE STABLES?
A: I WAS PISSED BY THE POLY TEAM FOR THEIR INITIAL REPONSE.
THEY URGED OTHERS TO BLAME & HATE ME BEFORE I HAD ANY CHANCE TO REPLY! OF COURSE I KNEW THERE ARE FAKE DEFI COINS, BUT I DIDN’T TAKE IT SERIOUSLY SINCE I HAD NO PLAN LAUNDERING THEM.
IN THE MEANWHILE, DEPOSITING THE STABLES COULD EARN SOME INTEREST TO COVER POTENTIAL COST SO THAT I HAVE MORE TIME TO NEGOTIATE WITH THE POLY TEAM.
Q & A, PART THREE:
Q: WHY TIPPING 13.37?
A: I FEELED THE WARMTH FROM THE ETHEREUM COMMUNITY.
I WAS BUSY INVESTIGATING ISSUES FROM HECO AND DEBUGGING MY SCRIPTS. I THOUGHT IT WERE NETWORKING ISSUES WHY I COULD NOT DEPOSIT (I WAS BEHIND A SOPHISTICATED PROXY). SO I SHARED MY GOODWILL THE GUY.
Q: WHY ASKING TORNADO AND DAO?
A: HAVING WITNESSED SO MANY HACKINGS, I KNEW DEPOSITING INTO TORNADO IS A WISE BUT DESPERATE DECISION. IT WAS AGAINST MY ORIGINAL INTENTION. BEING THE CROWDSOURCED HACKER WAS JUST MY BAD JOKE AFTER MEETING SO MANY BEGGARS :)
Q: WHY RETURNING?
A: THAT’S ALWAYS THE PLAN! I AM _NOT_ VERY INTERESTED IN MONEY!I KNOW IT HURTS WHEN PEOPLE ARE ATTACKED, BUT SHOULDN’T THEY LEARN SOMETHING FROM THOSE HACKS? I ANNOUNCED THE RETURNING DECISION BEFORE MIDNIGHT SO PEOPLE WHO HAD FAITH IN ME SHOULD HAD A GOOD REST ;)
Q: WHY RETURNING SLOWLY?
A: I DO NEED TIME TO TALK WITH THE POLY TEAM. SORRY, IT’S THE ONLY WAY I KNOW TO PROVE MY DIGNITY WHILE HIDING MYSELF IDENTITY. AND I NEED SOME REST.
Q: THE POLY TEAM?
A: I ALREADY STARTED TALKING WITH THEM BRIEFLY, THE LOGS ARE ON THE ETHEREUM. I MAY OR MAY NOT PUBLISH THEM. THE PAINS THEY HAVE SUFFERED IS TEMPORARY BUT MEMORABLE.
I WOULD LIKE TO GIVE THEM TIPS ON HOW TO SECURE THEIR NETWORKS,SO THAT THEY CAN BE ELIGIBLE TO MANAGE THE BILLION PROJECT IN THE FUTURE. THE POLY NETWORK IS A WELL DESIGNED SYSTEM AND IT WILL HANDLE MORE ASSETS. THEY HAVE GOT A LOT OF NEW FOLLOWERS ON TWITTER, RIGHT?
Value taken from Poly Network Hack
Poly Network Hacker Addresses
Poly Network publicly identified three addresses allegedly controlled by the attacker:
- 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 (ETH)
- 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71 (BSC)
- 0x5dc3603C9D42Ff184153a8a9094a73d461663214 (POLYGON)