Hackers managed to steal more than $600 million from the DeFi platform Poly Network, which operates on Ethereum, Polygon and Binance Smart Chain. The stolen tokens came from all different chains, making this hack possibly the biggest theft in DeFi history.
According to Poly Network, hackers used 'a vulnerability between contract calls' to bypass USDC, renBTC, wBTC and wETH. Chinese cybersecurity company SlowMist quickly jumped into the news, and analysts have already identified the attacker's device email address, IP address and fingerprint. SlowMist believes the hacker was well organized and prepared.
What makes theft even more interesting are the hidden messages in transactions. The hacker thought of creating a DAO and letting the community decide where the stolen tokens will go.
The hacker discovered that some tokens were frozen, such as tokens USDT stolen. At the same time, crypto exchanges like OKex, Binance, Huobi and many others have blacklisted the crypto wallets involved. As a result, hackers cannot use its services to move tokens.
The hacker now wants to return some of the tokens, or maybe all of them. In an encrypted message, they wrote 'Failed to contact Poly. I need a protected multisig wallet from you', suggesting they are ready to return the money.
After that, he started sending tokens back to the Poly Network. On Polygon, they sent $1 million in USDC back, while also sending $1,1 million in BTCB, $2 million in SHIB tokens, and $600.000 in FEI stablecoin. The hacker clearly didn't return all the money, but added a message to one of his transactions saying, 'The hacker is ready to surrender'. Whether they will return the money or turn themselves over to the authorities as well remains a mystery for now.
DeFi is not risk free
Using DeFi is very powerful for users, and those who dare to take risks can profit from it. However, with every opportunity comes great risk. Hacks like the one from Poly Network are an example of this. Also, the DeFi market is littered with bad designs and rugs, so research is critical. Always research the projects you invest in. Know what you're getting into and when something sounds too good to be true… it probably is.