The biggest crypto asset theft in history has taken a turn for the better. Poly Network, a cross-chain interoperability protocol, said on August 10 that hackers attacked smart contracts and transferred 302 million USDT (TEDT), 55,000 ETH (Ethereum), 2,000 bitcoins and other assets, with a total loss of 610 million dollars, according to media reports. But later, media reports said the attackers had returned more than $342 million worth of tokens through BSC, Ethereum and Polygon.
This is the largest asset theft in the history of DeFi (decentralized finance) industry. After the incident, the stock prices of the network security sector continued to rise. By the noon of August 12, Orient Communication rose by more than 15%, Feili Credit rose by more than 12%, Digital Certification rose by 7.68%, and Shenzhou Taiyue rose by 4.35%.
It is worth mentioning that after this incident, the industry also triggered concerns about the safety of DeFi. Slow Fog Technology statistics hacked event archive data show that in the first half of this year alone, there were 50 DeFi security events, accounting for the whole blockchain ecosystem 78 large security events more than 60%.
The hackers have returned some assets
The reason for the theft: The private key used for cross-chain signature is leaked, or the signing program has a logic flaw
On August 10, Poly Network protocol smart contracts deployed on the three networks of Ethereum, Binance Smart Link and Polygon were attacked at the same time. The hackers transferred 302 million USDT, 55,000 ETH, 2,000 Bitcoin and other assets, with a total loss value of 610 million dollars.
In a tweet that night, Poly Network called on crypto companies such as exchanges to blacklist hacker addresses. Tether, the company that issued USDT, said it had frozen 33 million dollars of USDT in the Poly Network theft case.
As for the cause of this incident, security company BlockSec issued an analysis report saying that the private key used for cross-chain signature may have been leaked, or the signature program has a logic flaw that leads to the signing of the attack transaction.
Slow Fog, another security company, published that the attacker modified the address specified for the attacker by keeper in the Ethereum cross-chain contract through carefully constructed data, which was not caused by the leakage of keeper private key.
However, shortly after the theft, the hackers returned tokens now worth more than $342 million via BSC, Ethereum and Polygon. The hacker said the attack was just for fun and that Poly Network was chosen because cross-chain attacks were popular.
DeFi security concerns
Analysis: Hacker refunds also don’t help investors make negative judgments about their security
After this incident, the market became more concerned about the safety of DeFi. Li Li of Washington Jingtian Gongcheng Law firm said in an article that DeFi mainly refers to a blockchain application project which is built on the programmable public blockchain network such as Ethereum and is composed of a series of smart contracts and applications, aiming at financial activities such as cryptocurrency value anchoring, lending and swaps.
“DeFi does not rely on the management ability and credit level of any subject, but simply relies on game models such as speculative arbitrage and risk hedging to build the trading structure and financial logic of the product. This is the most fundamental difference between DEFI and traditional financial services, and is also the core value of DEFI. “Said Li Li.
It is precisely because of its special attributes that DeFi is easy to become the focus of hacker attacks. According to the data from the database of hacked events of Slow Fog Technology, there were 50 incidents involving DeFi security in the first half of this year alone, accounting for over 60% of the 78 major security incidents in the whole blockchain ecosystem.
Pan Helin, executive director of the Digital Economy Research Institute of Zhongnan University of Economics and Law, told Shell Financial reporter that in the industry, the intensity of the attack is more intense than outside the industry, a large number of investment institutions have changed their views on DeFi, many investors recoil, investment institutions have entered the idea of quitting, faith gradually collapsed. Now there is still a margin, that is, in the history of attacks on DeFi, there was a refund by hackers, and now in this case, hackers also feel that the money is too hot to handle, so they are willing to return, then this attack may eventually pass smoothly, but even so, the refund by hackers will not help investors to make a negative judgment on its security.
Washington News shell finance reporter Pan Yichun editor Chen Li proofread Wei Zhuo
