$611 million stolen in Poly Network cross-chain hack

The cross-chain protocol Poly Network has been hacked, threat actors stole $611 million making this hack the largest DeFi hack to date.

$611 million has reportedly been stolen in one of the largest cryptocurrency hacks.

The cross-chain protocol Poly Network disclose a security breach, threat actors have stolen over $611 million in cryptocurrencies.

Important Notice:We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s following addresses:ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71— Poly Network (@PolyNetwork2) August 10, 2021The attackers have transferred hundreds of million dollars worth of Binance Chain, Ethereum, and Polygon assets into their wallets.

Assets involved include $WBTC $WETH $RenBTC.ETH:0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses. @BitGo @renBTCFinance— Poly Network (@PolyNetwork2) August 10, 2021The Poly Network protocol allows swapping tokens across multiple blockchains, including Bitcoin and Ethereum and Ontology.

The attackers

The assets has stolen $273 million worth of Ethereum tokens, $253 million in tokens on Binance Smart Chain and $85 million in USDC on the Polygon network.

“Since the theft, Tether has blacklisted the USDT on Ethereum that was stolen in the attack, roughly $33 million in tokens. That means they can no longer be moved. (USDT is a centralized stablecoin that can be frozen at will by the company behind it, similar to other stablecoins like USDC.)” states TheBlockCrypto website.

Researcher Igor Igamberdiev from the The Block speculates that the root cause of the hack was a cryptographic issue, in the cryptocurrency protocol, what is a rare case.

Blockchain security firm SlowMist issued an alert announcing that they have already determined the attacker’s ID. The experts claim to have discovered the attackers email address, IP information and device fingerprint.

The threat actors have employed the following wallets:

ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214Some cryptocurrency exchanges announced they are aware of the hack and will do all the best to identity and block illegal transactions associated with the hack.

Follow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, APT41)

The post $611 million stolen in Poly Network cross-chain hack appeared first on Security Affairs.