Poly Network announced on Tuesday, August 10, that its platform had been hacked for $611 million in the largest DeFi hack to date. The announcement reads:
Important Notice:— Poly Network (@PolyNetwork2) August 10, 2021
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker's following addresses:
The Poly Network team has called on the miners of affected blockchain and crypto exchanges to blacklist the assets coming from hacker’s addresses. The team has urged the hacker to return the fund.
Some reports said it is Poly Network Keeper function that had been exploited but the team said that cause of the exploit was a vulnerability between contracts calls. The team wrote:
“After preliminary investigation, we located the cause of the vulnerability. The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumored.”
According to reports, stolen assets include $273 million in Ethereum’s ERC20 tokens, 6,610 BSC-based tokens worth more than $252 million, roughly $85 million in USDC tokens on the Polygon network. Stolen assets also include $33 million worth of Tether (USDT), making the total stolen amount to more than $610 million.
“We are aware of the http://poly.network exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can.”
Furthermore, Circle also did not freeze USDC stolen in the hack. Wu Blockchain cited a Chinese blogger who said:
“I consulted USDT, USDC and BSC for the first time. USDT was frozen. The CEO of USDC said that they wanted to go public legally and not frozen. BSC initially said that it was frozen, but after @cz_binance tweeted, know that they are not frozen.”
Chinese Blogger Chaojijun: I consulted USDT, USDC and BSC for the first time. USDT was frozen. The CEO of USDC said that they wanted to go public legally and not frozen. BSC initially said that it was frozen, but after @cz_binance tweeted, Know that they are not frozen. https://t.co/XyvCK6DRIM— Wu Blockchain (@WuBlockchain) August 11, 2021
“The SlowMist security team has grasped the attacker’s mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker.”
Poly Network is a protocol for swapping tokens across multiple blockchains developed by an alliance of team from Neo, Ontology, and Switcheo. Poly Network currently connects Bitcoin, Ethereum, Neo, Ontology, Elrond, Ziliqa, Binance Smart Chain, Switcheo and Huobi ECO Chain.