In a developing story, a hacker reportedly exploited an inadequate signing process to make off with more than $600 Million in various cryptocurrencies from cross-chain DeFi. Those included in the attack are Ethereum, Polygon, and BSC.
If the amount is accurate, the theft marks one of the largest cryptocurrency thefts in history.
What We Know
On Tuesday, Poly Network tweeted out confirming the attack on its network.
Important Notice:
— Poly Network (@PolyNetwork2) August 10, 2021
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
Poly called on miners to blacklist tokens coming from the target wallets.
Tether froze around 33M USDT associated with the suspected wallets.
According to a competent analysis tweeted by Mudit Gupta, the impacted contract required validation of a single signature to execute the transfer and speculated that a single key could have been obtained through traditional means.
Poly Network hacked for over $600 million across Ethereum, Polygon, and BSC. https://t.co/e1mJW0gijehttps://t.co/84gmgphqAHhttps://t.co/3ICgaeJgUs
— Mudit Gupta (@Mudit__Gupta) August 10, 2021
Poly network hasn’t even verified their contracts on Ethereum so it’s tedious to analyze. Here are my current thoughts 🧵👇 pic.twitter.com/WDvMbpGVwN
The alleged use of a single key emphasizes that the fundamentals of security remain critical even in the age of more sophisticated DeFi hacks.
Stay with us as this story unfolds.
