The Mind Of A $611M Poly Network Hacker

Crypto can be a difficult space to navigate. And if you're not careful enough, you can lose your money. Even then, nothing can save you from a hack on a platform that holds your money or on an asset you've invested in.

And that's exactly what happened to the community of Poly Network – a cross-chain protocol – which was recently hacked for $611 million in the largest DeFi intrusion to date.

Many see this attack as a severe blow to crypto amidst all the current talk about regulation and taxes. 

Poly Hack: What Happened?

Poly Network is a decentralized finance (DeFi) platform. Its job is to help blockchains of different cryptocurrencies work with each other. 

It basically swaps tokens across multiple blockchains, including Bitcoin, Ethereum, and many more. It is a collaboration between different blockchain teams, including those of Neo, Ontology, and Switcheo. 

Yet, there was a vulnerability in Poly Network’s system. This allowed hackers to break into the platform. And the rest is history: $611 million stolen. 

The hackers took $273 million in Ethereum tokens, $253 million in Binance Smart Chain tokens, and $85 million in USDC.

The Market's Reaction

It didn't take long for the market to react. O3 – a trading pool that used Poly Network – suspended cross-chain functions to avoid suffering any damage or being attacked. 

Tether was one of the first companies to react. Tether blacklisted the $33 million in stolen USDT. This means only one thing: those tokens can't be used.

And things did not stop there. SlowMist, a blockchain security firm, claimed to have identified the attacker. They say they have the attacker's email address, IP address, and device fingerprint. 

The attacker's initial assets were in Monero (XMR), then traded for BNB, ETH, and MATIC to fund the attack.

The Nonsensical Story of a Hack

And in a strange turn of events, a user under the name Hashaniro.eth wanted to help the hacker. He sent the hacker a transaction with the message "DON'T USE YOUR USDT, YOU'VE GOT BLACKLISTED".

And the hacker's response? Well, he thanked Hashaniro.eth with a 42K tip of ETH.

Hashaniro.eth then sent 1.337 ETH to Vitalik's wallet.

Poly's Strategy to Recover the Funds

And of course, Poly Network had to do something to recover the money. But the strategy was unusual, to say the least. 

They just asked the hackers directly for it. 

In a public letter available on Twitter, Poly Network asked the hackers to return the money. They emphasized that the stolen money belonged to members of the crypto community. “It's the people's money, not their money,” the letter asserted.

And the roller coaster didn't end there. The strategy kind of worked.

The hacker slowly started to return some of the stolen funds. He sent a message to Poly Network embedded in one of the transactions and said that he was "ready to return the funds".

A Hacker's Q&A

But the hacker still wanted to have the last word.

He did a Q&A - as weird as it sounds. He claimed he hacked for fun and stole all those funds to keep them safe. 

We know all of this sounds weird. His logic is that if he warned about the vulnerability, even an insider could have exploited it. After all, we are talking about hacking $1B.

He also laughed at claims that he was exposed. He says he obviously used fake IPs and burner emails. He also claimed he never did it for the money.

Finally, he stated that he is in discussion with Poly's team. He also hopes to give them some security recommendations because, after all, they are protecting billions.

There is still a lot of money to be returned. The hacker sees himself as a white-hat hacker who did it for the good of all. For him, it was something to be seen as a cautionary tale for the dangerous world of DeFi. 

How will the story end? That remains to be seen.
