On the 10th of August 2021, the Poly Network was hacked for at least $611 million in the largest DeFi hack to date.
The cross-chain DeFi platform – an alliance formed primarily by the teams behind Neo, Ontology and Switcheo – quickly called on the crypto community to blacklist any of the addresses handling tokens stolen in the attack, which pulled assets from three blockchains: Ethereum, Binance Smart Chain and Polygon.
The call resulted in Tether blacklisting $33 million of the USDT stolen in the attack (meaning that the tokens can no longer be moved as they are frozen) and the CEOs of Binance and OKEx, Changpeng Zhao and Jay Hao, tweeting that they are following the flow of funds. The addresses used by the hacker(s) have naturally been blacklisted by Coinfirm.
Hacker’s ETH address: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
Hacker’s BSC address: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
Hacker’s Polygon address: 0x5dc3603C9D42Ff184153a8a9094a73d461663214
The stolen assets broke down as roughly $275 million in tokens on Ethereum, $253 million in tokens on BSC and $85 million in USDC on the Polygon network.
The hacker sent funds from 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 to 0xf8B5c45c6388c9Ee12546061786026aAeaa4b682 (an address labelled ‘hanashiro.eth’ on Etherscan) as a reward for a warning that Hanashiro had passed to the attacker(s) in an on-chain message, which read “DONT USE YOUR USDT TOKEN\nYOU VE GOT BLACKLISTED”.
Hanashiro’s address then sent 1.337 of the 13.37 ETH it received to Vitalik Buterin – Ethereum’s co-founder – as well as to several donation addresses: 0xc48e23c5f6e1ea0baef6530734edc3968f79af2e, 0x71c7656ec7ab88b098defb751b7401b5f6d8976f, 0x635599b0ab4b5c6b1392e0a2d1d69cf7d1dddf02 and 0x8b99f3660622e21f2910ecca7fbe51d654a1517d. Buterin had not sent the funds back as of the time of publication.
As well as blacklisting the assets and addresses, the community has also been actively talking to the attacker through messages on the blockchain with most requesting funds to be sent back, whilst others offered to launder the stolen funds.
And the community pressure has paid off. In a turn of events on Wednesday, the hacker(s) began to return significant portions of funds. So far, over $300 million has been returned to Poly Network by the attacker(s).
Someone also – most likely – attempted to scam the hacker by relaying the message “Rogue Tether Employee here. I can unfreeze your Tether. Send me 100 ETH and consider the deal done.”
The root cause of the hack was an issue with the contract calls rather than a compromised single keeper key: a cross-chain call was used to make Poly Network’s cross-chain manager contract invoke a privileged function of its own data contract and replace the keeper public key with one controlled by the attacker. Poly Network’s Medium post on the root cause of the vulnerability behind the largest hack in DeFi history can be read here.
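As an added illustration of that class of bug (example code, not Poly Network’s contracts), the toy Python model below has a generic cross-chain executor that is allowed to forward a relayed call to the very contract storing its keeper key. Contract and method names follow Poly Network’s post-mortem; the addresses, the locked balance and the signature check are stand-ins, and the model skips ABI encoding entirely.

```python
# Added example: toy model of the access-control flaw behind the Poly Network
# hack. Contract/method names mirror the post-mortem; the addresses, balance
# and signature check below are simplified assumptions, not real Solidity.

MANAGER_ADDR = "0xManager"      # EthCrossChainManager (assumed address)
DATA_ADDR = "0xData"            # EthCrossChainData, owned by the manager
LOCKPROXY_ADDR = "0xLockProxy"  # holds user deposits, pays out on manager's call


class EthCrossChainData:
    """Stores the keeper public key. The setter is onlyOwner, and the owner
    is the manager contract, so any call *made by the manager* is trusted."""

    def __init__(self, owner: str, keeper: str) -> None:
        self.owner = owner
        self.keeper = keeper

    def call(self, caller: str, method: str, arg) -> bool:
        if method == "putCurEpochConPubKeyBytes":
            if caller != self.owner:
                raise PermissionError("onlyOwner")
            self.keeper = arg
            return True
        raise ValueError(f"unknown method {method}")


class LockProxy:
    """Releases locked funds when instructed by the manager contract."""

    def __init__(self, locked: int) -> None:
        self.locked = locked
        self.paid: list[tuple[str, int]] = []

    def call(self, caller: str, method: str, arg) -> bool:
        if caller != MANAGER_ADDR:
            raise PermissionError("onlyManagerContract")
        if method == "unlock":
            to, amount = arg
            if amount > self.locked:
                raise ValueError("insufficient locked funds")
            self.locked -= amount
            self.paid.append((to, amount))
            return True
        raise ValueError(f"unknown method {method}")


class EthCrossChainManager:
    """Checks a relayed header against the current keeper, then forwards the
    embedded cross-chain call, as itself, to whatever target it names."""

    def __init__(self, data: EthCrossChainData, targets: dict, hardened: bool = False) -> None:
        self.data = data
        self.targets = targets
        self.hardened = hardened

    def verify_header_and_execute_tx(self, header_signer: str, to_contract: str, method: str, arg) -> bool:
        # Stand-in for signature verification against the keeper set.
        if header_signer != self.data.keeper:
            raise ValueError("header not signed by current keeper")
        # The fix: a relayed cross-chain tx must never reach the contract that
        # holds the manager's own trust anchors.
        if self.hardened and to_contract == DATA_ADDR:
            raise PermissionError("cross-chain tx may not target EthCrossChainData")
        return self.targets[to_contract].call(MANAGER_ADDR, method, arg)


def run_attack(hardened: bool) -> tuple[str, list]:
    """Replay the two-step attack; returns (final keeper key, payouts made)."""
    data = EthCrossChainData(owner=MANAGER_ADDR, keeper="KEEPER_PUBKEY")
    proxy = LockProxy(locked=1_000_000)
    manager = EthCrossChainManager(data, {DATA_ADDR: data, LOCKPROXY_ADDR: proxy}, hardened)

    # Step 1: the attacker emits a cross-chain tx on a source chain. The real
    # keepers sign that chain's header as usual, so the header check passes and
    # the manager calls the data contract's onlyOwner setter with its own authority.
    try:
        manager.verify_header_and_execute_tx(
            "KEEPER_PUBKEY", DATA_ADDR, "putCurEpochConPubKeyBytes", "ATTACKER_PUBKEY")
    except PermissionError:
        pass  # hardened manager refuses the privileged target

    # Step 2: if the keeper was replaced, the attacker now signs headers
    # themselves and can instruct the lock proxy to pay out.
    try:
        manager.verify_header_and_execute_tx(
            "ATTACKER_PUBKEY", LOCKPROXY_ADDR, "unlock", ("0xAttacker", 1_000_000))
    except ValueError:
        pass  # attacker's signature is not the keeper's

    return data.keeper, proxy.paid


if __name__ == "__main__":
    print("vulnerable:", run_attack(hardened=False))
    print("hardened:  ", run_attack(hardened=True))
```

The point the model makes is that the keeper signature check is not bypassed at all: the attacker's first message is legitimately signed because keepers attest to whatever the source chain contains, and the damage comes from the executor lending its owner privileges to that message. Restricting which targets a relayed call may reach (or moving the keeper registry out of the manager's ownership) closes the hole regardless of how the message was encoded.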
Apprehending the attacker appears possible, as the hacker’s blockchain addresses have interacted many times with centralized exchanges, where they most likely underwent KYC checks. A blockchain security firm additionally claims to possess the hacker’s ID, email address, IP information and device fingerprint.
The hacker answered a Q&A session on the blockchain on their motives for the attack in five parts, which are shown below.