How Hackers Stole $600 Million in Crypto Heist
Crypto heist is a term used to describe a large-scale theft of cryptocurrencies from online platforms or networks. Crypto heists have become more frequent and sophisticated in recent years, as hackers exploit vulnerabilities in decentralized finance (DeFi) systems, which allow users to swap tokens across different blockchains.
One of the largest crypto heists ever happened on August 11, 2021, when hackers stole some $600 million worth of digital tokens from Poly Network, a DeFi platform. The hackers exploited a flaw in the system and transferred thousands of Ether, Binance Coin, and USD Coin tokens to separate wallets. The theft shocked the crypto community and raised questions about the security and regulation of DeFi platforms.
How did the hackers do it?
Poly Network said that the hackers used stolen private keys, which are like passwords that grant access to crypto funds, to make off with the tokens. The platform said that it discovered a “vulnerability between contract calls” that allowed the hackers to bypass the checks and balances that normally prevent unauthorized transfers.
The hackers then moved the stolen funds to various wallets and tried to convert them into other cryptocurrencies or cash them out through exchanges. However, they faced difficulties as some exchanges blocked their deposits and some token issuers froze their assets. Poly Network also posted a letter on Twitter, urging the hackers to return the funds and warning them that they would be pursued by law enforcement.
Did the hackers return the money?
Surprisingly, yes. Hours after the hack, the hackers started returning the funds – first in small amounts and then in millions. They also communicated with Poly Network and other crypto experts through embedded messages in the blockchain transactions. They claimed that they did not intend to cause any harm and that they only wanted to expose the vulnerability in Poly Network's system.
By August 12, 2021, the hackers had returned almost all of the stolen funds, except for about $33 million worth of Tether tokens that were frozen by the issuer. Poly Network said that it had recovered control of its system and that it would resume its operations soon. It also offered a $500,000 reward to the hackers for their cooperation and invited them to become its security advisor.
What are the implications of this crypto heist?
This crypto heist has highlighted both the risks and opportunities of DeFi platforms, which are designed to be open, transparent, and permissionless. On one hand, DeFi platforms are vulnerable to hacking attacks due to their complex and experimental nature. They also lack adequate regulation and oversight, which may expose users to fraud and scams.
On the other hand, DeFi platforms also demonstrate the resilience and innovation of the crypto community. The swift response from Poly Network, exchanges, token issuers, and other stakeholders helped mitigate the damage and recover most of the funds. The hackers' decision to return the money also showed a sense of ethics and responsibility among some crypto enthusiasts.
The crypto heist also raised awareness about the importance of security and governance in DeFi platforms. It may prompt more users to be cautious and vigilant when using DeFi services and more developers to improve their code quality and audit processes. It may also encourage more collaboration and dialogue among different actors in the crypto space to prevent future attacks and foster trust.
Sources: BBC News, Reuters, New York Post, The Wall Street Journal