Around 1:00 PM UTC, the official Twitter handle for Poly Network reported an attack on their platform, one of the worst attacks on DeFi since its inception. The hacker managed to transfer over $600 million in assets to Polygon, Ethereum, and Binance Smart Chain (BSC) addresses.
According to their website, Poly Network is a protocol built to operate across multiple blockchains to perform transactions with their Decentralized Exchange (DEX), lending and borrowing, and stablecoin-based services. The platform has been integrated with Bitcoin, Ethereum, BSC, Ontology, Elrond, Zilliqa, and others.
Poly Network called on miners, crypto exchanges, and other entities to blacklist the funds in stablecoins and DeFi tokens, which included Wrapped Bitcoin (WBTC), Wrapped Ethereum (WETH), RenBTC, DAI, UNI, Shiba Inu (SHIB), FEI, USD Coin (USDC), and Tether (USDT).
The hack took place on an interoperable, blockchain-agnostic trading pool built with O3 Labs, called O3 Swap. Poly Network added:
After preliminary investigation, we located the cause of the vulnerability. The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumored.
Although the hacker successfully managed to move the funds, some entities, such as Tether, responded to Poly Network’s call and blacklisted part of the assets. The attacker attempted to “launder” the loot using Curve and other DeFi protocols, but some of the transactions failed because the blacklisted USDT was used in the transactions.
A community member with the name “Hanashiro.eth” warned the hacker about using USDT via a message on a transaction and received $42,000 or 13.37 ETH from an address linked to the “PolyNetwork Exploiter”, as seen below. Many others tried to aid the hacker in an attempt to receive a reward and started referring to the hacker as “Etherhood”.
DeFi Hacker Identified After Stealing Funds From Poly Network?
The attacker managed to convert a large portion of the funds, except for the centralized stablecoins. Poly Network published the following message trying to establish a communication channel with the hacker and retrieve part of the DeFi tokens:
The amount of money you hacked is the biggest one in the defi history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. It is very unwise for you to do any further transactions. The money you stole are from tens of thousands of community members, hence the people.
Shortly after, security firm SlowMist published a report claiming that they had identified the attacker’s mailbox, IP, and device fingerprint. The firm apparently used on-chain and off-chain data to track the hacker with the help of their partners and exchange platforms.
Other reports claimed that the DeFi funds were tied to centralized entities. Thus, it was possible to track down the attacker. Via a message input in a transaction, the hacker said:
IT WOULD HAVE BEEN A BILLION HACK IF I HAD MOVED REMAINING SHITCOINS! DID I JUST SAVE THE PROJECT? NOT SO INTERESTED IN MONEY, NOW CONSIDERING RETURNING SOME TOKENS OR JUST LEAVING THEM HERE.
At the time of writing, ETH trades at $3080 with a 2.3% loss in the daily chart.