Grab your popcorn: The biggest heist on DeFi history
We often talk about the novelty of crypto, and how this is a new development with new advantages and challenges. In this post, we will show you an easy-to-understand example of it. We will talk about a hack that happened on Tuesday 10 August 2021 and had the crypto world at the edge of their seats.
First, we have to explain a few things:
Poly Network is a DeFi project which connects and allows the exchange of coins between different blockchains.
Poly Network works in different Blockchains, among them: Ethereum, Binance, and Polygon.
It all started when Poly Network announced on Twitter that was under attack on the Binance, Ethereum, and Polygon blockchains, and published the IP addresses of the attacker on the same thread. Then, in a series of tweets, they started calling all miners who work on the affected blockchains, and all the exchanges to blacklist the token coming from the attacker’s IP.
As this is being announced on Twitter, the news spreader quickly. Immediately the crypto community started to comment and to share news about the published IP addresses. ‘The address is rich. Just look at it’ said one user.
This is the novelty of crypto: an attack was unfolding, with a hacker stealing $600 million, and everyone was able to see it in real-time. This is a new kind of heist, which is public (anyone can see the transactions) and with publicity (dealt with on social media). This has no parallel outside the crypto world unless we talk about a movie.
As we have said before, crypto is not regulated by a specific financial or governmental institution. The whole point of its creation was decentralisation and work outside the regular financial system. This is a great idea that is still developing. Unfortunately, there are unforeseen consequences. Let’s think about this heist as an example: who or which institution/authority should intervene if any? Should Poly Network have called the police? (If so, in which country?)
Soon after the first tweets, wallets and exchanges, small and big (like Binance) started to reply announcing the display of their security teams to help. Tether froze the equivalent to $33 million worth of its currency as a response to the attack.
About 3 hours after their first announcement, Poly Network released a letter trying to establish communication with the hacker. Despite the “Dear Hacker” heading that makes it feel like an everyday communication, this was a serious issue: at this point, the hacker was holding about $600 worth of coins, which belonged to ordinary people.
Two things happened:
First, Poly Network discovered the vulnerability that was used by the hacker to exploit their network and started working to fix it.
Second, the hacker returned the stolen coins, by 13 August (2 days after the hack) almost all the coins had been returned.
Even though the questions about why the hacker did it and why returned the money are interesting, there are other areas we want to highlight.
This heist was announced, dealt with, and fixed in front of everyone’s eyes, with all the crypto community watching and no intervention from a regular financial institution. This is not to say this is the way this kind of hack should work. Certainly, the fact the hacker decided to return the money makes it a happy story.
Why highlight this then? To show how different the crypto world works. This kind of incident reminds us that there is a strong community behind crypto and that there are unforeseen problems that may arise in the future and will create new challenges because of their novelty.
*** Do remember you can always upgrade your security and reduce risks with easy steps, like using trusted wallets and exchanges. Check our post about security for more information.***