Hackers have in the past week stolen almost $600m in one of the largest cryptocurrency heists in history.
It is believed that the hackers managed to find a weakness in the Blockchain site Poly Network and have stolen digital tokens known as Ether. It had been reported that these hackers have stolen thousands of Ether as well as various other coins.
The scale of this hack is on par with the Coincheck and Mt Gox breaches that have occurred in the past years. What is different about this event is the response of those responsible since it has become public knowledge.
Poly Network is a decentralised finance (defi) provider. Users use this service to transfer tokens tied to one blockchain to a different network.
An open letter had initially been published via twitter to try and “establish communication” with the thieves. Poly Network have said “The amount of money you have hacked is one of the biggest in defi (decentralised finance) history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. The money you stole are (sic) from tens of thousands of crypto community members, hence the people”
In numbers, $267m of Ether has been stolen, and $252m of Binance coins, and $85m of USDC tokens.
Binance has issued a statement saying that they were aware of the security breach, but stated that they are “coordinating with all security partners to proactively help” but have warned that there is only so much that they can do and that “There are no guarantees”.
Crypto Returned – Is it all there?
What followed was an announcement that most of the ‘stolen’ crypto has been returned to Poly Network and that the hack itself was ‘white hat’ in nature. White Hat hacks are quite commonplace in the digital space to collect ‘bug bounties’, or rewards for pointing out the areas of weakness in certain systems What is not usual, is for white hat hackers to actually proceed with causing harm to systems, or stealing from those they are trying to help.
What is happening to the remainder of the unreturned coins at this stage is still unclear but it does seem that there are some discrepancies between the amounts returned and the amounts taken.
There is a lot of ongoing back and forth regarding the promises supposedly offered by private companies not to pursue any legal action against the hackers, in return for the safe receipt of the stolen cryptocurrency. It is also said that no private company should have the right to interfere with law enforcement when it is clear a crime has been committed.
Whilst it is definitely advantageous to uncover flaws in security from outside support, the manner in this event have caused more issues than resolutions. Now in this scenario, there are a lot of grey areas and uncertainties, but one thing that is clear, is that we are no closer to knowing the real motive behind the original hack. One can only hope that in future, such events are much less common, and that the wider adoption of cryptocurrencies can move forward without disruption.
CipherTrace released a report on Tuesday that stated that the cryptocurrency crime losses have hit an all time high with losses of $474m in the first seven months of 2021. In saying this, losses in the overall crypto market has dropped significantly from $1.9bn in 2020 and then $4.5bn in 2010.
The US Securities Exchange Commission (SEC) are looking into the first case involving securities fraud in the decentralised finance market. The SEC have charged Blockchain Credit Partners, a decentralised finance lender, and two of its top executives for raising fraudulent funds of circa $30m.