A massive $600 million cyberattack targeting Poly Network was carried out on Tuesday morning. The tweet from Poly Network reads, “Important Notice: We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon. Assets had been transferred to the hacker’s following addresses:
Poly Network is a protocol that swaps tokens across several blockchains such as Bitcoin, Ethereum, and others. The stolen assets break down into $273 million in ETH, $253 million in BSC tokens, and $85 million in USDC taken from the Polygon network.
In a series of follow-up tweets, Poly Network stated that the hacker had deposited $USDC and $DAI into Curve, and called on miners of the affected blockchains and on exchanges to blacklist any tokens coming from the aforementioned addresses.
Tether CTO Paolo Ardoino claims that Tether has already frozen $33 million in $USDT that was part of the stolen assets, effectively locking the tokens. Meanwhile, Binance CEO Changpeng Zhao tweeted that “we are aware of the https://poly.network exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can. Stay SAFU.”
Tracking down those responsible
The SlowMist security team has announced that it has successfully tracked down the hacker’s mailbox, IP address, and device fingerprint, and that the Poly Network attacker was found via on-chain and off-chain tracking. SlowMist adds that “with the technical support of SlowMist’s partner Hoo Tiger Symbol and multiple exchanges, the SlowMist security team discovered that the hacker’s initial source of funds was Monero (XMR), and then changed to BNB, ETH, MATIC, on the exchange, withdraw coins to three addresses, and launch an attack on three chains soon.” Based on the flow of funds and the fingerprint information, the security group concluded that this can be assumed to have been a well-planned, organized, and time-consuming attack.
SlowMist also says that a transaction from one of the offending wallets was sent with a message stating that “it would have been a billion hack if I had moved remaining shitcoins! Did I just save the project? Not so interested in money, now considering returning some tokens or just leaving them here,” suggesting the attacker may simply abandon the wallet and leave the funds in limbo.