Poly Network is a ZG cross-chain DeFi platform that provides token exchange across multiple blockchains, including Bitcoin and Ethereum. On Aug. 11, an unidentified individual began moving funds from the Poly Network platform to cryptocurrency addresses they controlled. Hackers managed to steal $611 million worth of cryptocurrency.
After the hack, Poly Network said the stolen funds were worth more than $611 million (about 3.95 billion yuan), making it the largest hack to date against a cryptocurrency exchange.
How the attack happened
“Hackers exploited a vulnerability in the _executeCrossChainTx function between contract calls,” a Poly Network spokesperson said.
The company added: “The attackers used[d]This function passes in crafted data to modify the custodian of the EthCrossChainData contract,” the attack effectively allows an intruder to claim himself as the owner of any funds processed through the platform.
By repeatedly calling the attacked contract, the hackers were able to steal funds from the Poly Network and then transfer them to wallets under their control, which Poly administrators identified as follows:
Binance Smart Chain: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
The company later tweeted that Poly Network has urged miners of affected blockchain and cryptocurrency exchanges such as Binance, OKEx, HuobiGlobal, Uniswap, Circle Pay, Tether and BitGo to immediately send any tokens from attacker addresses Coins are blacklisted.
Poly Network pleads with hackers to return stolen funds
In an open letter posted on Twitter by Poly Networks, they begged the thieves to communicate with them and return the stolen assets.
“The amount you have hacked is the largest in DeFi history. Law enforcement in any country will consider this a major economic crime and you will be hunted down.[…] The money you stole comes from tens of thousands of crypto community members, all from the people,” the open letter reads.
Poly Network did not disclose any other details of the incident, nor did it say whether any law enforcement agencies were investigating the hack. However, the company said it plans to take legal action against the hackers. The open letter appeared to be gaining traction, trending on Twitter as nearly $2 million in stolen assets were returned Wednesday morning.
Hackers are currently returning some cryptocurrencies
Apparently, the hackers have started to return some of the stolen funds. According to a screenshot shared by the company, “So far, we have received a total of $4,772,297.675 in assets returned by hackers.”
At the time of publishing this article, the hacker “Mr. White Hat” returned a total of $342 million worth of cryptocurrency from the stolen funds, but it is unclear whether the hackers will return the rest.