21st Century Business Herald reporter Hu Tianjiao comprehensively reported that after about US$610 million in assets were hacked at one time, the cross-chain DeFi (decentralized finance) platform Poly Network has received intermittently repayments from hackers.
On the morning of August 12, local time, Poly Network stated on social media that as of 8:18:29 on the same day, hackers had returned approximately US$342 million in assets, of which the amounts returned to Ethereum, Binance Smart Chain, and Polygon were US$04.6 million, US$252 million, and US$85,000, respectively.
"Theft is for fun." After returning some assets, the hacker explained in the blockchain by asking questions. "Poly Network is a good system, which is very challenging for hackers. I personally am not very interested in money."
But even if the amount returned reaches approximately US$342 million, compared with the approximately US$610 million that was previously hacked, there are still approximately US$268 million in Ethereum assets that have yet to be returned by hackers.
Poly Network became known on Tuesday for suffering what may become the largest DeFi hacker theft in history. On August 10, local time, Poly Network stated that it had been attacked by hackers, causing asset losses worth approximately US$610 million. US$250 million, US$270 million, and US$85 million were stolen from the three chains of Ethereum, BSC, and Polygon respectively. “Tens of thousands of people have been affected by hackers. Currently, approximately $33 million in the stolen stablecoin Tether has been frozen by the issuer of Tether, making it impossible for hackers to obtain it.”
"Dear hacker, we hope to contact you as soon as possible and ask you to return the stolen assets," Poly Network wrote in a subsequent letter. "What you have done may cause the largest Defi theft in history. This may be classified as a crime in any jurisdiction and you will be prosecuted."
Changpeng Zhao, CEO of Binance, said at the same time, "We are aware of the vulnerability that occurred today. Although no one controls BSC (or ETH), we are coordinating with all security partners to proactively provide help, and we will do our best." Security researcher SlowMist said that this is likely to be a long-term planned, organized, and prepared attack. The attacker's email, IP address and device fingerprint have been identified.
About an hour after the hack was announced, Tether Chief Technology Officer Paolo Ardoino blacklisted the hacker's address before the hacker attempted to transfer assets, including USDT, to liquidity pool Curve Finance via an Ethereum address, thereby freezing approximately $33 million in Tether funds. But even so, nearly $100 million was transferred from Binance Smart Chain addresses to the liquidity pool Ellipsis Finance.
“Hackers have begun using decentralized exchanges to convert stolen assets into other assets, including stablecoins,” Elliptic co-founder Tom Robinson explained. “Tokens such as stablecoins can theoretically be confiscated by their issuers, which may enable them to be returned to their rightful owners. However, this is not possible with stolen Ethereum assets.”
With DeFi applications attracting billions of dollars in investment funds, the former has naturally become a popular target for hackers. Data from encryption security company CipherTrace shows that so far this year, Defi-related hacking attacks account for more than 60% of total encryption attacks, up from 20% the previous year. As of the first five months of 2021, the amount stolen from Defi-related hacking attacks was US$156 million, which has exceeded the US$129 million value for the whole of 2020.
However, the overall situation for cryptocurrencies is improving. CipherTrace data shows that criminal losses across the cryptocurrency market dropped sharply to $681 million at the end of July, down from $1.9 billion in 2020 and $4.5 billion in 2019. The overall downward trend may reflect significant improvements in the cryptocurrency industry’s security infrastructure.
The rise in Defi illegal activities comes as the U.S. Securities and Exchange Commission (SEC) speeds up its regulation of crypto assets and seeks legislative support from the Senate. SEC Chairman Gary Gensler said in a recent response to a question from Senator Elizabeth Warren that regulators need more power to protect investors. “Lawmakers should give regulators clear authority to set rules for crypto asset exchanges, including DeFi trading venues. The SEC needs more power to prevent transactions, products, and platforms from falling through the regulatory cracks.”
In June 2021, after falsely reporting a "hacking" incident to customers, Ameer Cajee and Raees Cajee, the founders of the South African exchange Africrypt, disappeared with more than $3.6 billion worth of Bitcoin, becoming one of the largest Bitcoin thefts in history.
