In what is being referred to as one of the largest hacks in the digital asset business, threat actors stole $611 million in cryptocurrency from a blockchain-based banking network, according to The Hacker News.
Cross-chain decentralized finance (DeFi) platform Poly Network publicly reported that unknown threat actors exploited a flaw in the system and grabbed a large number of digital tokens, including Ether. The exploited weakness enabled hackers to steal a massive quantity of cryptocurrency and was related to contract calls.
The event is believed to be more serious than previous hacks at other cryptocurrency exchanges, like Mt. Gox and Coincheck. Security researchers at the company claim that the stolen funds were traded for MATIC, ETH, and other crypto coins, rather than remaining in their original form as Monero.
Poly Network’s team notes that “The amount of money you have hacked is one of the biggest in DeFi history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. […] The money you stole are from tens of thousands of crypto community members, hence the people,”
The attacker is still unknown
To help investigate the stolen Binance Chain, Ethereum and Polygon assets, the company asked miners on the affected blockchain and centralized crypto exchanges to block incoming tokens sent from the addresses in question.
The wallets where the hackers deposited their stolen cryptocurrencies are as follows: Polygon – $85 million – 0x5dc3603C9D42Ff184153a8a9094a73d461663214, Binance Smart Chain – $253 million – 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71, and Ethereum – $273 million – 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963.
Changpeng Zhao, the CEO of Binance, said in a tweet that his company is aware of the Poly Network exploit. Binance promises to do everything they can to help customers retrieve stolen assets, but he cannot make any guarantees.
The company urged the hackers to communicate with them and return their stolen goods in an open letter published on their official website. Although the attacker’s IP address, email address, and device fingerprint were traced by blockchain security firm SlowMist, the attacker remains unknown.