poly network - Pwim.Net

Largest DeFi Hack Recorded on Poly Network with $610M Stolen

The largest hack in decentralised finance (DeFi) history was unveiled when Poly Network, an interoperable blockchain protocol, announced compromised its platform.

As a platform that supports the trio of Binance Smart Chain (BSC), Ethereum and Polygon, these blockchain networks were breached simultaneously, with the total assets lost summing up to about $610 million.

The Poly Network team has called the hacker to refund the stolen funds, with the open letter shared on the platform’s official Twitter address.

The letter reads:

“Dear Hacker, we want to establish communication with you and urge you to return the hacked assets. The amount of money you hacked is the biggest one in DeFi history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. It is very unwise for you to do any further transactions. The money you stole are from tens of thousands of crypto community members, hence the people. You should talk to us to work out a solution.”

The three addresses in which the funds were sent have been marked as shown in the screenshot below.

Crypto Community Pledges Support

The hack involving these DeFi protocols is quite different from those have seen from centralised exchanges with related hack cases in the past. No one controls the three compromised protocols as they are smart contracts with customer’s funds. The procedure to track the stolen funds solely entails the hacker moving the money to an easily tracked address. Should the hacker leave the tokens in the addresses, the effort to recover the funds may be stiffened a bit more.

However, industry leaders, including Binance exchange’s CEO, Changpeng Zhao, have revealed that efforts are ongoing to coordinate “with all our security partners to help proactively” recover the funds.

Hackers Return $260M amid the Cyberattack against Poly Network

Following the largest cyber heist in the history of Decentralized Finance (DeFi), an offshoot of blockchain applications in which a total of $610 million were stolen through the exploitation of Poly Network, the attacker(s) seems to be having a rethink. As confirmed by the interoperable blockchain protocol, a total of $260 million has been returned as of 11 Aug 04:18:39 PM +UTC.

Following the hack which Blockchain.News reported that Poly Network opened a communication line with the hacker, requesting that the stolen funds be returned. As confirmed by the DeFi operator, the returned funds include a total of $3.3 million in Ethereum, $256 million in Binance Smart Chain, and $1 million in Polygon.

“I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said via email as reported by CNBC. “In this case, the hacker concluded that the safest option was just to return the stolen assets.”

However, a person claiming to have perpetrated the hack said they did it “for fun” and wanted to “expose the vulnerability” before others could exploit it, according to Reuters, citing digital messages shared by Elliptic, a crypto tracking firm, and Chainalysis.

With about $269M on Ethereum and $84M on Polygon yet to be recovered, many people have questioned the safety promises of the DeFi platform. Over time, cryptocurrency exchanges and blockchain protocols have suffered similar mishaps. However, no decentralised finance platform has witnessed a breach of these magnitudes.

Speaking of this cyberattack, Isaac Fain, CTO at crypto/treasury technology specialist Ledgermatic, said the security properties of cross-chain token facilities are dependent on some form of trust anchor since the chains do not feature a shared consensus protocol:

“In this instance, a vulnerability in the smart contract code allowed the attacker(s) to compromise the trust anchor by making their keypairs the sole authority that linked values between chains. Other networks have similar strategies, including Blockstream’s Liquid and Rootstock’s RSK. In those cases, the developers employ specialized HSM hardware to protect the set of validators that secure the side-chain, providing a secure trust anchor with hardware in accordance with NIST security standards. Poly’s implementation was essentially reduced to an on-chain whitelist that the attackers substituted with their own keys.”

KuCoin suffered a system breach that saw it lose a total of $280 million worth of cryptocurrencies back in October 2020. The exchanges’ effort to recover the fund was profound, and the firm noted that it had sufficient evidence to identify the attacker. Identifying hackers in a DeFi-based protocol may come off as a bit more challenging. However, with the generosity of the Poly Network hacker, the likelihood of recovering more funds is high.

T-Mobile Hacker Leaks Clients' Data to Sale for 6 BTC

United States Telecommunication giant T-Mobile has suffered a massive breach from its servers, compromising over 100 million customer data.

As reported by Motherboard, the data compromised includes T-Mobile customer’s Social Security numbers, names, addresses, and driver licenses.

According to multiple reports, the hacker is selling a portion of the data containing 30 million social security numbers and driver’s licenses in an underground marketplace for 6 Bitcoin’s, worth approximately $277353.42 per BTC price at the time of writing.

Despite the claims that the company has restricted access to its servers from the malicious actors, the hacker said the stolen data are already backed up in multiple locations.

It is unclear yet how the data was breached, and it appears the vulnerability in T-Mobile systems is a perpetual route being exploited by cybercriminals. Year on year, similar data breach incidents were notably recorded.

Blockchain ecosystems have also been subjected to several hacks recently. The protocol breaches took various forms, like a senior worker whose violation of web safety regulations triggered a hacking vulnerability on the South Korean cryptocurrency exchange, Bithumb’s servers.

The emerging world of decentralised finance has also witnessed the attack in its history when the interoperability protocol Poly Network was hacked. The hacker, named by the network as Mr White Hat, stole about $610 million from Binance Smart Chain, Ethereum, and Polygon Network. While the entire hacking ordeal, which lasted for about a week, ended up with the White Hat returning the whole funds, it also showcases that, like T-Mobile, no protocol is safe from cybercriminals.

A deliberate effort to boost transparency in blockchain protocols is known to aid in the recovery of data or funds stolen, unlike other digital systems that big tech firms build on.

Hacker Turns Hero? All Stolen Funds from the Poly Network Have now Returned

Mr White Hat, the hacker behind the Poly Network $610 million exploitation, can be tagged a “hero” now. He has voluntarily returned all of the funds stolen from the interoperable decentralized finance (DeFi) protocol.

“Dear “Hacker”, Thank You! We are ready for a new journey,” Poly Network said in a Tweet in appreciation of the hacker on Monday.

The hack on Poly Network, which saw millions of dollars was moved out from Binance Smart Chain (BSC), Ethereum, and Polygon Network, was notably tagged the biggest heist in the history of cryptocurrencies. Swiftly after the attack was identified, Poly Network opened up a line of communication with the hacker whom the protocol code-named ‘Mr White Hat.”

From the first letter, which the protocol sent publicly begging the hacker to please return the money, there has been a series of exchanges of correspondence between both parties, culminating in the sequential refund of the stolen money. Per the latest updates, the last fund, about $33 million in USDT frozen by Tether in support of Poly Network, has been recovered. Only Mr White Hat has the private key to the address harbouring the funds, and its recovery implies he has shared it with the Poly Network.

For all of the crypto heists recorded in history, including the KuCoin system breach that saw it lose a total of $280 million worth of cryptocurrencies back in October 2020, no hacker has voluntarily returned stolen assets without any authority wading in. Mr White Hat began his mission as a “villain”, and he is now named as a “saint” by the protocol and some observers in the digital currency ecosystem.

For his role in detecting a major bug in its smart contracts, Poly Network has extended an offer to Mr White Hat to come to take up a role as its Security Adviser. The confirmation that this offer will be taken up is yet to be given by the hacker. However, the Poly Network has reiterated it will not be taking legal action against the hacker and has even offered $500,000 as a bug bounty.

Decentralized Finance BXH Network Records a Protocol Hack with about $130M in Stolen Funds

Decentralized trading platform BXH Network has suffered a system breach that has resulted in about $130 million from the protocol.

While the initial announcement from the company noted that only assets on the Binance Smart Chain (BSC) networks are affected, SlowMist, a security service provider in the crypto ecosystem, affirmed that more than $130 million had been stolen thus far.

With over 4000 ETH confirmed as a loss by BXH Network, the hacker’s addresses have been published with an open plea to centralized exchanges and partners to blacklist the addresses as the quest to retrieve the funds continues. When publishing the update about its protocol’s data breach, BXH noted that it had suspended transactions across all of the chains, including BSC, HECO, and Ethereum, to maintain systems safety.

The compromise of decentralized finance (DeFi) protocols is gradually becoming a regular occurrence nowadays in the digital currency ecosystem. These occurrences are largely showcasing how unsafe these protocols are, and as a result, strain the broad trust in DeFi related innovations as the next revolutionary force in financial transformation.

Per an earlier Blockchain.news report, Poly Network, an interoperable DeFi protocol, suffered the biggest breach in crypto history, with more than $610 million stolen by the hacker. The protocol contacted the hacker, christened Mr. White Hat, who returned all of the stolen funds after a series of correspondences.

BXH Network appears to be taking this approach as it appeals to the hacker to return the stolen funds. It will consider the data exploit as a white hat, with a declaration of readiness to reward the attacker for the actions. As of the time of writing, there is no confirmation of response from the hacker, a move that suggests the BXH hacker has a different motivation compared to that of Poly Network.

Animoca Brands-Backed Lympo Protocol Suffers Hack With Over $162M Loss

The year 2022 might have opened with bearish dips for various protocols and tokens in the digital currency ecosystem. Still, it is now proving to be much worse for Lympo Protocol, a Sports Non-Fungible Token (NFT) platform that Animoca Brands power.

According to a statement shared with its community members, the protocol suffered a cyberattack that duly impacted its hot wallets, leading to a loss of approximately 165.2 million LMT tokens ((worth around USD 16.5m before the hack).

The hack fueled the plunge of the LMT tokens by over 99% in the minutes when the hack was made known, a development that places the coin as one of the biggest losers for the day. Lympo identified as many ten unique wallets that were compromised, noting that it has “enacted safeguards to ensure that no additional LMT could be stolen by the hackers.”

We are temporarily removing LMT from various liquidity pools in order to minimize disruption to token prices following the hack,” the protocol revealed in a statement, adding, “The attack is still being investigated, but we assure all LMT token holders that we are working hard to resume normal operations as soon as possible. We are preparing a comprehensive plan on how the effects of this attack will be remediated and will share it with our community as soon as it’s available.”

The platform, however, noted “that the majority of the LMT reserve sits in cold wallet storage, and has remained secure and uncompromised throughout the incident.”

Despite the impressive growth outlook of DeFi in the past year, the incidence of hacking remained one of the major talking points and downsides of the growing world of decentralized finance in 2021. From the breach of Poly Network to the hack of Cream Finance and Solana, amongst others, the industry suffered many protocol breaches that made critics cast doubts on the capability of the ecosystem’s security infrastructure to sustain the mass mobility of new users into the space.

The crypto world has many obligations this year, with the most daring being the prevention of hacks and cyberattacks across the board.

Beanstalk Stablecoin Protocol Suffers $80M Loss in Hacking

An emerging Ethereum stablecoin protocol, Beanstalk has come off as the latest blockchain startup that suffered a breach from hackers with a massive loss of $80 million moved from the protocol.

Peckshield, a blockchain security and data analytics firm, first flagged the exploit on Twitter before the startup later confirmed it.

In the acknowledgement of the attack, the Beanstalk Farms team said it is investigating the incident and will announce to the community as soon as possible. While Peckshield pegged the loss at around $80 million, it gave an allowance that could effectively make the losses more than projected. A total of 24,830 ETH and 36 million BEAN tokens are feared to have been lost in total.

Hacks and exploits are now commonplace, especially amongst Decentralized Finance (DeFi) protocols. The rate of cybercrime involving these protocols has exceeded $1 billion this year, and more exploits are feared to be underway. The Beanstalk team said they are in contact with as many partners as possible, and an appeal has been shared in a separate tweet to Centralized Exchanges to help limit the way the attacker can utilize the funds stolen.

“We’re engaging all efforts to try to move forward. As a decentralised project, we are asking the DeFi community and experts in chain analytics to help us limit the exploiter’s ability to withdraw funds via CEXes. If the exploiter is open to a discussion, we are as well”

The concept of open discussion with a hacker has only yielded fruits with Poly Network, an interoperability protocol that was exploited for over $600 million last year. Through the openness of the hacker and the team, the entire funds stolen were returned, marking a historic moment in the history of cybercrime.

While the Beanstalk hack is obvious that more security loopholes have to be covered, outfits like CertiK have been receiving funding from investors to provide a good shield for protocols in the DeFi world.

Axie Infinity's Ronin Bridge Officially Reopens after $625m Hack

Axie Infinity’s Ronin Bridge is back online months after it was drained about $625 million through an exploit in March.

As announced by the protocol on Tuesday, all users’ funds have now been restored on a 1:1 basis as previously promised by Sky Mavis.

According to the Ronin team, users can now make transactions through wETH and USDC as the founding team has sufficiently tackled liquidity issues with industry partners’ support. The move to re-open the Ronin Bridge was first hinted at last week by the protocol, and at this time, it confirmed it has implemented quite a number of upgrades to prevent further attacks.

Ahead of this re-opening, the Ronin protocol notably conducted three distinct audits, including one initiated internally and two external audits. The external audits were carried out by CertiK and Verichains, respectively. The audits, which Sky Mavis initiated, the blockchain startup behind the Axie Infinity Play-2-Earn game, reportedly enabled the team to “identify and implement a number of opportunities for improvement.”

The Established Changes

The other latest implementations include the new governance system, which would close all lapses that will further shield the entire protocol.

“Going forward, the governance process will be conducted via a decentralized voting mechanism. The governors will be empowered to vote for changes such as: adding/removing validators, upgrading contracts, changing thresholds, etc. The design of the governance voting method is serial: only one governance vote can be held at a time, and that vote must be completed before moving to a new vote,” the team wrote.

To make the Ronin Bridge completely foolproof, a new circuit breaker system has been introduced, which will automatically prevent withdrawals beyond the limits defined for accounts based on their Tier-levels.

Protocols that have suffered hacks deal with their problems in different ways. The US Treasury Department indicted Wythe Lazarus crime ring from North Korea in the Ronin attack. The hacker who drained about $600 million from Poly Network last year kept a communication line open that eventually led to the full recovery of the stolen funds.

The Ronin protocol has given a 2-year allowance to recoup the stolen funds by working with the authorities. Should the recovery fail by the time, it will resort to a voting system to determine what will happen next.