Just-In: PolyNetwork Hackers Start Returning $610 Million Stolen Funds

Published by

Updated 11 Aug, 2021 | 02:15:02 PM UTC

Just-In: PolyNetwork Hackers Start Returning $610 Million Stolen Funds

Update: Hackers have returned $133 million worth of funds out of $610 million as per the latest update.

PolyNetwork became the victim of the largest defi hack in crypto history estimated to be worth $610 million. The stolen funds were sent to three wallet addresses one on the Ethereum network containing over $260 million, BSC address with $250 million, and Polygon address with $85 million. The total fund distribution was as follows,

BSC assets: 6613 BNB, 87,603,671 USDC, 26,629 ETH, 1,023 BTCB, 32,107,854 BUSD
Polygon assets: 85,089,719 USDC
Ethereum assets: 96,389,444 USDC, 1,032 WBTC, 673,227 DAI, 43,023 UNI, 14 renBTC, 33,431,197 USDT, 26,109 WETH, 616,082 FEI

The hackers behind the theft had agreed to return the funds earlier today and have demanded a multisig wallet after failing to contact PolyNetwork.

The hacker said,

“FAILED TO CONTACT THE POLY. I NEED A SECURED MULTISIG WALLET FROM YOU. IT’S ALREADY A LEGEND TO WIN SO MUCH FORTUNE. IT WILL BE AN ETERNAL LEGEND TO SAVE THE WORLD. I MADE THE DECISION, NO MORE DAO.”

The hackers have started to return the funds starting with the Polygon Network and have already transferred nearly a million dollars worth of USDC.

Source: PolygonScan

How Hacker Managed to Steal Significant Chunk From PolyNetwork?

The hacker has boasted that the stolen funds would have been in billion had they decided to transfer “Shitcoins” as well. The main reason for the hack was overriding “Bookkeepers,” someone who is responsible for authenticating fund transfers on the PolyNetwork. Poly being a cross-chain platform requires a cross-chain signature to approve transactions.

There are two theories, one that the hack was inside job or someone leaked the cross-chain signature to the hacker. The second theory suggests that the hacker managed to exploit a loophole to override the bookkeeper’s signature and became the sole authenticator, thus transferring such high amounts of assets.

The hackers tried to launder the money on Curve protocol, but the initial few transactions were declined because of Tether freezing USDT funds, but the hacker managed to send $76 million in USDC to Curve and another $120 million in stablecoins on Ellipsis Finance.

The hack only exposed the growing vulnerabilities in the Defi ecosystem as the number of attacks on Defi has continued despite maturity in the market.

Prashant Jha

An engineering graduate, Prashant focuses on UK and Indian markets. As a crypto-journalist, his interests lie in blockchain technology adoption across emerging economies.

Published by

Prashant Jha

Updated 11 Aug, 2021 | 02:15:02 PM

Why trust CoinGape: CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journalists and analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.

Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.

Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.