Interoperability protocol Poly Network has confirmed that it has suffered a major exploit – losing at least USD 600.3m of its funds.
The protocol announced that it got attacked on Binance Smart Chain (BSC), Ethereum (ETH), and Polygon (MATIC).
“We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the [provided] addresses,” said Poly Network, providing three addresses to which it says the assets have been transfered.
“We will take legal actions and we urge the hackers to return the assets,” it then added.
No additional information has been provided by the team behind the protocol as of yet.
What can be seen from the addresses is that:
- Polygonscan shows USD 84.93m worth of USD Coin (USDC);
- BscScan shows USD 251.68m in Binance-pegged tokens, ETH, USDC, binance USD (BUSD), among others;
- Etherscan shows nearly USD 264.4m of ETH, USDC, tether (USDT), and other ERC-20 tokens.
That is the total of USD 601m – which some say just may be the largest attack the space has ever seen.
The Chinese community believes that this may be the largest DeFi attack in history. https://t.co/VoCt8SQsZL
— Wu Blockchain (@WuBlockchain) August 10, 2021
Tether has reacted already and frozen c. USD 33m of USDT.
. @Tether_to just froze ~33M $USDt on 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 as part of the #PolyNetwork hack https://t.co/EviPTAkQJD
— Paolo Ardoino (@paoloardoino) August 10, 2021
Binance CEO Changpeng Zhao tweeted that “no one controls BSC (or ETH)” but that the Binance team is “coordinating with all our security partners to proactively help, adding: “There are no guarantees. We will do as much as we can.” Others, however, ask if it is not possible to control the stablecoin BUSD nonetheless.
Victims and speculations
The hack has impacted at least one connected project that we know of for now.
Cross-chain aggregation protocol O3 Swap cross-chain function has been suspended due to the hack, tweeted O3Labs. “We are in contact with the team. Please be patient to back to full functionality,” they said, adding that the non-cross-chain function is available and can be used normally.
Per their documentation, O3 Hub is composed of a cross-chain asset pool such as stablecoin pool and cross-chain protocol based on Poly Network.
Both projects were initiated by blockchain project Neo (NEO).
According to journalist Colin Wu, there may be money laundering involved, as the Ethereum address tried to deposit funds into exchange liquidity pool Curve.fi. “The first few transaction attempts may be rejected by the mining pool and failed, but the subsequent transaction was successfully deposited and co-deposited approximately 673,227 DAI and 96,389,444 USDC, with 95,269,795 3Crv LP [liquidity provider] shares.”
Meanwhile, an interesting dynamics seems to have developed, as there are suggestions that the attacker may be receiving some help along the way in return for hefty tips.
LMFAO, what is going on.
The hacker just tipped hanashiro $42k in $ETH for that info. pic.twitter.com/KP4fmAZnUE
— Hsaka (@HsakaTrades) August 10, 2021
_____
Source: Cryptonews