Tag Archive for: $600M

Hacker behind $600M Poly Network theft returns stolen cryptocurrency

/in


Poly Network, the cross-chain decentralized finance platform provider that had about $600 million in cryptocurrency stolen from it earlier this month, has had all the funds returned.

The hack, first reported Aug. 10, involved the theft of Binance Chain, Ethereum and Polygon assets, with estimates that they were worth at the time up to $611 million. The hacker took advantage of a cryptography issue to exploit functions that modified contracts on Poly.

The following day, the hacker, who went by the name of “Etherhood,” started returning small amounts of some of the stolen funds. Etherhood said that the primary motivation for the hack was “for fun” that they had gone after the Poly Network as “cross-chain hacking is hot.”

Etherhood went on to explain that he or she had stolen the cryptocurrency to keep it safe before insiders exploited the vulnerability. That was capped off with the statement, “I prefer to stay in the dark and save the world.”

It was speculated at the time that some of the funds were being returned in an attempt to avoid criminal charges after researchers had tracked down identifying information. Etherhood, who did promise to return all the funds, has now done so.

Bleeping Computer reported that the hacker, now going by the name of “Mr. White Hat,” gave Poly Network access to the last tranche of stolen digital assets in their wallet, worth around $141 million earlier today.

“At this point, all the user assets that were transferred out during the incident have been fully recovered,” Poly Network wrote on Medium. “Thanks to Mr. White Hat’s cooperation, Poly Network has officially entered the fourth phase of our roadmap ‘Asset Recovery.’ We are in the process of returning full asset control to users as swiftly as possible.”

Poly Network paid the hacker a $500,000 reward in cryptocurrency, officially as a bug bounty for uncovering the cryptography issue. The payment could also be argued to be a reward for doing the right thing and returning the stolen cryptocurrency, however.

The hacker, who is strangely very talkative, left a message on the final transfer, apologizing and promising to return more funds that were originally…

Source…

Thief hands back at least a third of $600m in crypto-coins stolen from Poly Network • The Register

/in


Whoever drained roughly $600m in cryptocurrencies from Poly Network is said to have returned at least $260m so far.

The cyber super-heist, revealed yesterday, was described by Poly Network as the largest of its kind in decentralized finance history. The Chinese biz, which handles the exchange of cryptocurencies and other tokens between various blockchains, today said more than a third of the money pilfered from its systems has been returned.

Here’s what Poly Network had to say earlier:

Poly Network said the crook was able to interfere with the execution of smart contracts – typically, small programs that automatically run to fulfill agreements between parties – that are used by the platform to exchange people’s tokens and coins. Thus, funds were siphoned off in transit as opposed to being extracted directly from digital wallets.

You can find more technical detail here by security analysts Slowmist, and here by blockchain watchers Chainalysis.

“The hacker exploited a vulnerability, which is the _executeCrossChainTx function between contract calls,” a spokesperson for Poly Network told El Reg. “Therefore, the attacker uses this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract. It is not the case that this event occurred due to the leakage of the keeper’s private key.”

The team at Chainalysis put it more bluntly: “The attacker pulled off the heist by taking advantage of an exploit in the smart contracts Poly Network uses to carry out cross-chain transactions.”

Earlier, Poly Network publicly pleaded for the thief to return all of the stolen assets, and urged crypto-exchanges and others to refuse to handle transactions from specific wallet…

Source…

Cyber hackers steal $600m in daring cryptocurrency heist after spotting ‘vulnerability’ in blockchain site

/in


HACKERS have stolen $600 million in a daring cryptocurrency heist after spotting a blockchain vulnerability.

In one of the biggest ever cryptocurrency thefts, the cyber criminals exploited a vulnerability in Poly Network, a platform that looks to connect different blockchains so that they can work together.

Hackers have made off with hundreds of millions of dollars in cryptocurrency

1

Hackers have made off with hundreds of millions of dollars in cryptocurrencyCredit: Getty

A blockchain is where encrypted data can be supposedly transferred securely, making it nearly impossible to duplicate or counterfeit.

The site said the hackers have taken thousands of digital tokens such as Ether.

“The amount of money you hacked is the biggest one in the defi history,” Poly Network said in a tweeted message to the thieves, using a reference to decentralised finance involving cryptocurrency.

The platform added that the money as stolen from “tens of thousands of crypto community members”.

Poly Network threatened police involvement, but also pleaded with the hackers to “work out a solution”.

The site said an initial probe investigation found a hacker exploited a “vulnerability between contract calls”.

About $267m of Ether currency has been taken, $252m of Binance coins and roughly $85 million in USDC tokens.

Once the hackers stole the money, they began to send it to various other cryptocurrency addresses, CNBC reports.

Researchers at security company SlowMist said a total of more than $610 million worth of cryptocurrency was transferred to three different addresses.

SlowMist said that their researchers had “grasped the attacker’s mailbox, IP, and device fingerprints” and are “tracking possible identity clues related to the Poly Network attacker”.

The researchers concluded that the theft was “likely to be a long-planned, organized and prepared attack”.

LONG PLANNED ATTACK

The site urged cryptocurrency exchanges to “blacklist tokens” coming from the addresses that were linked to the hackers.

Cryptocurrency systems have been were developed independently, so have struggled to work in conjunction with each other.

Each digital coin has its own blockchain and they’re different to each other but Poly Network claims to be able to make these various blockchains…

Source…