Recently, hackers stole US$610 million in assets from Poly Network, a cross-chain interoperability protocol organization. As of the latest report on the 24th, the hacker has returned all US$610 million in assets (except for the US$33 million in USDT that was frozen). Poly Network has decided not to pursue legal liability and intends to hire him as the company's chief security consultant.
Incident review:
On August 10, Poly Network announced that it had been attacked by hackers. They exploited a vulnerability in its system and stole thousands of digital tokens, including Ethereum. The total value of the stolen crypto assets was US$613 million.
Poly Network stated on Twitter:
Important notice: We regret to announce that #PolyNetwork has been attacked by @BinanceChain, @ethereum and @0xPolygon
The assets have been transferred to the following address of the hacker:
ETH:0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
And BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8037.B32
Subsequently, Poly Network issued a notice to the attackers, asking them to "establish contact and return the stolen assets" and warning them that they would be hunted down by law enforcement agencies of various countries. The attackers then began to return some of the cryptocurrency they had stolen.
At the same time, Paolo Ardoino, Tether's chief technology officer, tweeted that Tether had frozen about $33 million worth of Tether stolen by the hackers.
On August 11, approximately $260 million worth of cryptocurrency was returned to the Poly Network address, including $256 million from BSC, $1 million from Polygon, and $3.3 million from Ethereum.
On August 12, Poly Network posted on Twitter that the hackers had returned about one-third of the stolen funds, a total of US$260 million.
On August 17, Poly Network also stated that, since the attackers had returned most of the digital assets, it had decided not to pursue legal liability. Beyond that, it intends to hire him as the company's chief security consultant.
That is the full course of the incident. Later, foreign media reported that a hacker who claimed to be involved in the "coin theft" attack said he had hoped to expose the vulnerability before others could exploit it. As for why he did this, it was just for "fun".
Event analysis:
It is reported that the Poly Network mainnet launched in August 2020. It is a cross-chain organization co-sponsored by Neo, Ontology, and the Switcheo Foundation as founding members, with distributed technology as the technology provider. The organization uses a uniquely designed heterogeneous-chain and cross-chain bridge technology, controlling cross-chain operations through smart contracts deployed on the source chain, and claims to be the world's leading "lightweight" heterogeneous cross-chain interoperability protocol.
Security teams in the industry also gave their own opinions on this incident: it may have been a long-planned, organized and prepared attack. Their reasoning is as follows:
According to the information disclosed by Poly Network, it was only after Poly Network issued a notice to the hackers, asking them to "establish contact and return the stolen assets" and warning them that they would be hunted down by law enforcement agencies of various countries, that the hackers began to return some of the cryptocurrency they had stolen.
Subsequently, the attackers involved in the incident sent a message embedded in a cryptocurrency transaction to Poly Network, stating that they were "preparing to return" the funds. Immediately afterwards, Poly Network responded, asking them to send the cryptocurrency to three addresses.
As a result, industry insiders said, "Combining the flow of funds and multiple fingerprint information, it can be found that the source of funds is Monero (XMR), which was exchanged for currencies such as BNB/ETH/MATIC on the exchange and withdrawn to 3 addresses, before the attack was launched on 3 chains", or it may be "because the cross-chain contract keeper was modified to a hacker's address, so that the attacker could construct transactions at will and withdraw any amount of funds from the contract." Therefore, this attack was intentional.
According to the latest analysis report from the security company BlockSec, the cause of the attack on Poly Network may be "the private key used for cross-chain signatures was leaked or the signature program has logic loopholes that led to the signing of the attack transaction."
Event alert:
According to industry analysts, cross-chain attacks were previously very rare in the industry. However, five security incidents occurred within a short period of time, with total losses of more than $17 million. Cross-chain attacks have evidently increased significantly, and hackers seem to have begun targeting the cross-chain protocol ecosystem.
O3, which also belongs to the NEO ecosystem, is one of the cross-chain protocols with the largest amount of locked-up funds. There have been many organized attacks against other cross-chain protocols. However, these attacks did not make Poly Network sufficiently vigilant, which is hard to believe.
In recent years, Poly Network, which has continued to push into the DeFi field, has also become a target of attack. In this regard, industry research analysts said, "The interoperability between DeFi protocols has become more and more complex, so new attack vectors have been opened up and will become more frequent in the future."
It is said that the "coin theft" from Poly Network is currently the most serious security incident in the history of the DeFi (decentralized finance) industry. The hacker exploited a vulnerability in the Poly Network code to transfer digital assets to himself.
At present, U.S. financial regulators are paying close attention to DeFi. The U.S. SEC has brought charges in its first DeFi case and may step up its efforts in response to the incident. Outside observers believe this incident may prompt regulators worldwide to clamp down on DeFi.
Just now, Poly Network also commented on the recovered assets. The relevant translation reads: "So far, Poly Network has regained control of US$610 million (excluding the frozen US$33 million USDT) of assets. We would like to thank Mr. White Hat again for keeping his commitment, and we are also grateful to the community, partners and multiple security agencies for their help."
In the Poly Network "theft of coins" incident, the hackers have returned most of the digital assets. Although Poly Network has stated that it will no longer hold the hacker accountable, this is the most serious security incident in this field so far, and its impact on the entire industry is unprecedented. I believe that the NEO ecosystem and the DeFi industry will pay more attention to such incidents in the future and build safer prevention mechanisms to jointly combat illegal attacks and maintain the healthy development of the industry ecosystem.