$600M PolyNetwork Hack Largest in DeFi History: Here’s What Happened
PolyNetwork was hacked, and $600 million worth of crypto was stolen in the biggest hack in the short history of DeFi. What actually happened, and what investors should be aware before investing in DeFi projects and protocols.
PolyNetwork, an interoperability protocol enabling atomic-cross chain transactions between multiple major blockchains, was hacked and $600 million worth of investor’s crypto on Polygon, Binance Smart chain, and Ethereum was stolen.
What Happened?
PolyNetwork announced that they had been attacked at 8:38 am EST, Tuesday August 10. They immediately listed the addresses to which the anonymous hacker had transferred their funds on the ETH, BSC, and Polygon networks, and called upon miners of the affected exchanges to blacklist them.
The ETH, BSC, and Polygon addresses involved show volumes of $266.5M, $252M, and $85M worth of crypto assets, respectively.
These include WBTC, WETH, RenBTC, DAI, UNI, SHIB, and FEI, and totals to over $600M worth of crypto having been stolen, making this the largest DeFi hack to date by far.
Assets involved include $WBTC$WETH$RenBTC. ETH:0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses. @BitGo@renBTCFinance
In dollar value terms, the latest DeFi hack is comparable to the Mt. Gox and BitFinex exchange hacks, which resulted in $500M and $750M of stolen funds at the time of the hacks.
It was soon found out that the hacker’s initial source of funds was Monero (XMR), a privacy-based coin, which he then converted to ETH, BNB, and MATIC in the exchange.
SlowMist discovered that the hacker's initial source of funds was Monero (XMR), and then changed to BNB/ETH/MATIC and other coins in the exchange and withdrew the coins to 3 addresses, and soon launched on 3 chains attack. https://t.co/aMN4iJUueNhttps://t.co/5p9OSOiBl0
CEO of crypto exchange OKEx, Jay Hao, tweetes that he is addressing the situation:
“@OKEx is already on the case. We’re watching the flow of coins, and will do our best to manage the situation. Our wallet team will get in touch if we need more information.”
.@OKEx is already on the case. We're watching the flow of coins, and will do our best to manage the situation.
Twitter user Mudit Gupta pointed out that the hack was a traditional compromising of user’s private keys, which was made easier due to Smart Contract design decisions by PolyNetwork.
An involved smart contract belonging to the company used a single keeper wallet, which allowed the hacker to sign off on a contract transferring all funds to his address, after obtaining the relevant private key, which may have been done through various methods. PolyNetwork has also not verified their smart contracts using Etherscan.
Can Investors Avoid This?
As a growing field, DeFi still has many problems to sort out, and future scams, hacks, and exploits are highly likely to take place in the near term. There are some best practices to protect investors from malicious actors seeking to compromise their assets.
These include ensuring that smart contracts of your chosen investment project have been audited by tech-savvy auditing organizations with pristine track records. Such precautions could have saved many investors in the case of this recent, historically large hack.
