Hacker who took $600 million worth of cryptocurrencies says “it was for fun”

This past Tuesday (10), the biggest cryptocurrency theft in history took place: a hacker took more than $600 million in digital assets from the Poly Network token trading platform. The case is not only enormous but also unusual: almost all the stolen funds were returned within 48 hours, and the alleged hacker said he did it “for fun”.

Theft of cryptocurrencies (Image: Marco Verch/Flickr)

The Poly Network is a decentralized finance (DeFi) platform that, although not as well known as the world’s largest crypto-asset brokers, handles millions. It offers a digital currency transfer and exchange service between different blockchains. A user can, for example, use Poly Network to send bitcoins from the Ethereum blockchain to Binance Smart Chain and others.

Founded by Chinese businessman Da Hongfei, who is currently CEO of Neo, a blockchain platform, Poly Network has become a household name in news worldwide as the victim of the biggest cryptocurrency theft ever.

How the hack occurred

Hacker hacked into smart contract (image: Darwin Laganzon/Pixabay)

Because the platform operates on the Binance Smart Chain, Ethereum and Polygon blockchains, digital assets are exchanged across networks using smart contracts that contain instructions on when to release the assets to counterparties. One of these contracts is responsible for maintaining a liquidity pool that allows users to transfer and exchange tokens more efficiently, according to CipherTrace, a company specializing in cryptocurrencies.

And it was precisely in this contract that criminals saw their opportunity. As Poly Network itself tweeted on Tuesday, a preliminary investigation found that hackers exploited a vulnerability in this smart contract.

According to an analysis of transactions tweeted by Kelvin Fichter, an Ethereum programmer, the hackers appeared to ignore the contract instructions for each of the three blockchains and diverted funds to three digital wallet addresses to store the tokens. These movements were later tracked and published by Poly Network as well.

In total, the attackers took more than $600 million in more than 12 cryptocurrencies, including ether (ETH) and a type of bitcoin (WBTC), as a Chainalysis report on the case found.

Could the hacker be a benefactor?

Hacker (Image: B_A/Pixabay)

The situation becomes even more interesting because someone has deliberately claimed responsibility for the crime. In a message embedded in a transaction posted on the Ethereum network, the alleged, anonymous hacker stated that he carried out the attack “for fun” and confirmed that he had detected a “bug”, without specifying it, saying he also wanted to “expose the vulnerability” before others could exploit it.

“On detecting the bug, I was confused,” said the person. “I asked yourself what you did in the face of such a fortune. Would you politely ask the project team so they can fix it? Anyone could be a traitor taking a billion!” the message read.

Although the message suggests a single hacker, evidence indicates that the scheme was not that ethical and that he did not act alone. The cryptocurrency security company SlowMist said it identified messages and fingerprints from the hacker’s devices, but did not come up with an identity. However, its analysis is that the robbery was “probably a long-planned, organized and prepared attack”.

Other speculation holds that “good” hackers are unlikely to steal such a large sum. Furthermore, it is quite plausible that the suspected criminal group found it difficult to launder so much money and therefore returned the millions, posing as benefactors.

With information from Reuters
