Hackers pulled off the biggest ever cryptocurrency heist on Tuesday, stealing $613 million in crypto tokens from token-swapping platform Poly Network, only to return $260 million less than 24 hours later. Poly Network is a decentralized finance (DeFi) platform that facilitates peer-to-peer (P2P) transactions, focusing on allowing users to transfer or swap tokens across different blockchains.
Hackers exploit a vulnerability in the Poly Network to steal crypto tokens.
Poly Network operates on the Binance Smart Chain, Ethereum, and Polygon blockchains. Crypto tokens are swapped between the blockchains using a smart contract that contains instructions on releasing the assets to the counterparties. Poly Network had tweeted on Tuesday that a preliminary investigation found the hackers exploited a vulnerability in this smart contract. According to crypto intelligence firm CipherTrace, the smart contract that was exploited to steal the crypto tokens maintains large amounts of liquidity to allow users to swap tokens efficiently. Poly Network had asked hackers to give back the stolen funds on Twitter just after the hack.
The attackers stole funds in more than 12 different cryptocurrencies.
The hackers stole funds in more than 12 different cryptocurrencies, including ether and a type of bitcoin, according to blockchain forensics company Chainalysis. A person claiming to have perpetrated the hack said they had spotted a “bug,” without specifying, and that they wanted to “expose the vulnerability” before others could exploit it, according to digital messages posted on the Ethereum network published by Chainalysis. As of now, the hackers had returned $260 million of the assets, the decentralized network further said, but $353 million was outstanding. It is unclear where the remaining funds have gone.