Image: © Quatrox Production/Stock.adobe.com
Attackers are said to have exploited a vulnerability in a decentralised finance platform to pull off one of the largest cryptocurrency thefts ever.
A major hack of a decentralised finance (DeFi) platform has resulted in more than $600m in cryptocurrency being stolen, according to details of the heist.
Poly Network is a cross-chain platform that operates on the Binance Smart Chain, Ethereum and Polygon blockchains. While it is extremely difficult to tamper with or hack into blockchains, Poly Network said that the hackers in this case exploited a vulnerability in its system.
The platform disclosed the hack on Twitter yesterday (10 August), saying that it was attacked on all three blockchains and identified three addresses where assets have been transferred.
“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses,” the company said.
“After preliminary investigation, we located the cause of the vulnerability. The hacker exploited a vulnerability between contract calls; exploit was not caused by the single keeper as rumoured.”
Poly Network also tweeted an open letter to the attacker, requesting the return of the assets. “The amount of money you hacked is the biggest in DeFi history,” it said.
“The money you stole are [sic] from tens of thousands of crypto community members.”
Poly Network’s letter suggests it may appealing to a hacker with a ‘Robin Hood’ status, as University College Dublin’s Dr Nima Afraz described it.
“The collective of dark web hackers has long enjoyed the Robin Hood status due to targeting big corporations and donating to charities or leaking classified data on the government and public figure corruption,” Afraz recently told Siliconrepublic.com.
Cryptocurrencies and cyberattacks
While widely reported as one of the largest ever cryptocurrency heists, the Poly Network attack is the latest in a string of fraud and theft incidences in the DeFi sector.
A report from crypto intelligence company CipherTrace said losses from the DeFi sector hit an all-time high in the first seven months of the year, with $361m in criminal losses from January to July.
Even though security is often seen as one of the major benefits of blockchain, cybercriminals and attacks are becoming more sophisticated all the time.
In 2019, cryptocurrency exchange Coinbase suspended trading on Ethereum Classic after attackers stole almost $500,000 worth of cryptocurrency.
Afraz also spoke about the double-edged sword of blockchain when it comes to the increasing cyberattacks happening around the world. While the technology can be used as a preventative measure against cyberattacks, he also said it can also be used by cybercriminals in attacks outside of cryptocurrency theft.
“The bad news is blockchain technology might prove to be the missing link in the full automation of ransomware attacks. Cybercriminals have already made efforts in automating the process of customising and selling ransomware,” he said.
