On August 10, 2021, the PolyNetwork was the victim of the largest theft to date in the history of cryptocurrencies. Attackers stole coins and tokens from the Ethereum (ETH), Binance Smart Chain (BSC) and Polygon (MATIC, not related to the PolyNetwork) blockchains worth $ 611 million at the time of the attack.
PolyNetwork is an interoperability platform – a bridge blockchain to exchange crypto currencies without a centralized exchange. The The development team announced theft on Twitter. the Security company SlowMist found outthat the attackers apparently exploited a security gap within the PolyNetwork.
Accordingly, by linking certain functions in the smart contracts, it was possible to pretend to be the “keeper” of the same and thus transfer the users’ coins or tokens to any wallet.
The addresses of the attacking party are:
Some crypto exchanges have blocked addresses to make sales difficult. In case you are wondering about the many tiny incoming transactions, many hope to catch the attention of the attacking party and have money transferred in the form of cryptocurrencies.
Partly transferred back
The development team behind the PolyNetwork has set up three Multi-Sig wallets and the Called attackers to transfer the coins and tokens back. These actually partially met the demand after SlowMist says it has traced the transaction chains that far backin order to be able to infer the identities of the attackers with the help of crypto exchanges.
So far, cryptocurrencies worth almost 5 million US dollars have been transferred to the wallets mentioned:
Messages attached to the attackers’ transactions, some of them to their own addresses, suggest that they are either trolls, they have gotten a whack or that they wanted to draw attention to the vulnerability in a questionable manner.
In a first transaction it was called: “It would have been a billion hack if i had moved remaining shitcoins! Did I just save the project? Not so interested in money, now considering returning some tokens or just leaving them here.”
Those involved created the on the PolyNetwork blockchain Token “The hacker is ready to surrender”. Then one followed Transaction with the text “ready to return the fund!”, again followed by “Failed to contact the Poly. I need a secured multisig wallet from you.” At the moment the transfers are coming in batches.