Hackers Steal $600M In One of The Biggest Cryptocurrency Heists Ever

In what is called the biggest heist ever, PolyNetwork, a decentralized finance (DeFi) firm working on interoperability of crypto coins was hacked and multiple cryptocurrencies were transferred out. The company claims that the value of those cryptocurrencies is estimated to be $600 million, the BBC reported.

Update: The hackers are returning stolen crypto to PolyNetwork

The hackers have returned hundreds of millions of dollars in cryptocurrency, with $260 million returned as of 1:28 PM EDT, according to a tweet from Polygon.

$260 million (As of 11 Aug 04:18:39 PM +UTC) of assets had been returned:
Ethereum: $3.3M
BSC: $256M
Polygon: $1M

The remainings are $269M on Ethereum, $84M on Polygon

— Poly Network (@PolyNetwork2) August 11, 2021

The $260 million is comprised of $3.3 million in Ethereum, $256 million in BSC, and $1 million in Polygon. As of roughly 1:30 PM EDT, roughly $269 million remained to be returned on Ethereum, in addition to another $84 million on Polygon. Obviously, why the hackers are returning their stolen money remains unclear, but it could be anything from cold feet at the prospect of stealing hundreds of millions of dollars (and thus being pursued by law enforcement), to the possibility that the hackers are already caught, and returning their funds from a government order. Both possibilities remain pure speculation, as of writing.

Cryptocurrencies work on blockchain technology and each coin uses its own blockchain that is unique and isolated from the rest. DeFi platforms, such as PolyNetwork, work to make them interoperable. Hackers exploited a vulnerability in the company's "contract calls" and took away thousands of crypto coins. PolyNetwork revealed that $267m of Ether, $252m of Binance coins, and roughly $85 million in USDC were taken out. 

Since blockchain is a public ledger, the company was quick to identify the virtual address where these currencies were deposited and alerted cryptocurrency networks to block further deposits from the addresses. 

Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker's following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71

— Poly Network (@PolyNetwork2) August 10, 2021

Changpeng Zhao, chief executive of Binance, a cryptocurrency, whose coins were stolen during the hack, tweeted that his company would "proactively help" but there were "no guarantees." 

PolyNetwork also took to Twitter to reach out to the hacker to inform him that "the heist was the biggest ever" and he had "committed a major economic crime". The company wants him to contact them and set up a way to return the assets.

pic.twitter.com/Yzw4oDenjC

— Poly Network (@PolyNetwork2) August 10, 2021

The security company, Slow Mist, claimed that the crypto coins had been transferred to three different addresses and the company had “grasped the attacker’s mailbox, IP, and device fingerprints” and were “tracking possible identity clues", according to a CNBC report. 

DeFi is the new target for hackers. De-Fi hack losses have risen to $361 million in 2021, while they were unheard of in 2019, says CipherTrace, a cryptocurrency intelligence firm. De-Fi hacks also account for 76 percent of all major hacks this year.  

Update (11 Aug, 05:20 am): Updated to include details from Binance, Slow Mist, and CipherTrace.