The Poly Network has been exploited again, this time due to compromised private keys according to blockchain security firm Dedaub.
SushiSwap Narrowly Escaped A $350 Million DeFi Hack, Here’s How
The DeFi exchange SushiSwap would have joined the many projects that lost millions to the dubious activities of online hackers. For instance, Poly network lost $600 million in a similar hack one week ago. The good news is that the miscreants have returned many of the assets.
It could have been a terrible blow if Sushiswap followed suit with a $350 million loss after Poly Network. Luckily, a white-hat hacker saved the day for the firm. Samczsun, a Paradigm research partner shared the report.
According to him, the investigation on the smart contract code for the “BitDAO token sale” started on August 17.
Related Reading | Bitcoin Bull Cathie Wood Attracts Big Short Michael Burry To ARK Innovation ETF
The sale took place on Sushiswap’s “MISO” platform, a place where developers can launch their new tokens. It was, of course, successful, and the project raised $365 million without issues. But they could have lost everything to hackers due to a smart contract code error.
A Brief on Smart Contracts
Smart contracts are codes that perform different instructions on the blockchain. These codes are important as they ensure the proper functioning of the dApps (decentralized applications) on the blockchain.
These apps span across DeFi protocols and facilitate lending, trading, and borrowing transactions that occur without third-party controls.
These codes are supposed to be secure and accurate. But according to the researcher, there was an error in the code that could have helped attackers steal all the money from the token sale. According to him, the issue was way bigger than he thought at first as it could have caused a loss of $350million loss.
Fortunately, samcszan discovered this bug and even contacted his colleagues, including Dan Robinson and Georgios Konstantopoulos to check it out too. The three researchers quickly reached out to the SushiSwap team for solutions.
After discussing it with SushiSwap and an Immunefi representative, they decided that the sale should be stopped to enable them to fix the bug.
SushiSwap Reacts To The Issue
Based on the information we got, SushiSwap has disclosed that they didn’t lose any funds to attackers. But the team stated that the sale would stop temporarily to enable them to update the code. The DeFi protocol is very popular and is one of the largest protocols in the sector.
SushiSwap is trading in a downward momentum on the daily chart | Source: SUSHIUSD on TradingView.com
SushiSwap records a total of $444 million in its trading volume, and users usually make a lot of returns by staking in its liquidity pools. The protocol went live last year 2020 as a Uniswap copycat. But it made a name after launching the native token called SUSHI.
Related Reading | Microsoft To Fight Piracy With Ethereum, Introduces Project Argus
Luckily, the protocol has avoided a heavy exploit that would have set it back negatively, thanks to the white hat hacker.
Featured image from Pixabay, chart from TradingView.com
Poly Network offers to on board ‘Mr. White Hat’ as chief security advisor
“Poly Network has no intention of holding Mr. White Hat legally responsible,” said the team.
Poly Network hack exposes DeFi flaws, but community comes to the rescue
The DeFi hacker’s initial intentions remain unclear, but they refused to accept a $500,000 bounty after returning all funds.
Poly Network Confirms Hacker Has Returned Most Of The Stolen Crypto
The crypto market has been rocked by the news of what might be the biggest DeFi hack in history. On August 10th, the exploitation on the Poly Network saw the hacker(s) make away with more than $600 million in crypto. A hack that shook the entire DeFi market to its very core.
The hacker made off with a loot of over $200 million in ETH. And hundreds of millions in tokens. After a warning from a user warning that their USDT address had been blacklisted, the hacker then sent approximately $42K in ETH to the address which issued the warning. Resulting in hundreds of transactions being sent to the hacker’s address asking for money.
Related Reading | Q&A With Poly Hacker, Hero Or Villain Behind Biggest DeFi In History?
This culminated in a three-day rollercoaster of emotions and negotiations. The team behind the Poly Network, in a desperate attempt, penned a letter to the hacker. Begging for the stolen funds to be returned to them. And to much surprise, the hacker listened. They agreed to return the funds. But they asked that a multisig wallet address be provided for the crypto to be transferred into.
Hacker Begins To Return Stolen Crypto
Following the provision of the wallet, the hacker began the process of returning the crypto. At first, the hacker return SHIB tokens and other tokens. Which amounted to over $250 million. But there was still a large part of the loot left behind in the hacker’s wallet. The Poly Network team confirmed this in a tweet following the return.
Update: PolyNetwork hackers have returned $253 million on the BSC chain. pic.twitter.com/jO0SiWDtyP
— Wu Blockchain (@WuBlockchain) August 11, 2021
Various wallets addresses were provided for the hacker to send the crypto into. Including an ETH wallet, a BSC wallet, and a Polygon wallet. All multisig wallets according to the specifications of the hacker. Which they had requested because they said there was a failed connection to the Poly Network.
Related Reading | Why A Shocking Altcoin Season Could Be On The Horizon
Less than 24 hours ago, the Poly team again took to Twitter to announce more returns. This time stating that the hacker had returned most of the stolen crypto to them. All assets had been sent to the multisig wallets provided by the Poly Network. Except for the frozen USDT.
Why Is The Hacker Doing This?
Speculations were that the identity of the hacker had been compromised. Hence their willingness to return such a massive amount back to the network. But the hacker denied all of these. Saying that they had taken adequate precautions to make sure they would not be identified. Such as using temporary fingerprint verification. Given that one of the information the security company, SlowMist announced they had acquired was the hacker’s fingerprint.
Related Reading | Here’s What Happens To All Of The Crypto Assets The IRS Seizes
Other speculations were that the stolen crypto was already tagged. In this case, there was no way the hacker would be able to spend the funds without exposing themselves. Every transaction would be tracked meticulously. Leading to the discovery of whoever was behind the wallets that the funds were transferred to.
A lot of back and forth had been had with the hacker before they agreed to return the funds. The hacker even went as far as hosting a Q&A session. Where they answer questions regarding the hack, like why they had done it. To which the hacker had asked what they would have done if faced with such an amount of money. Also stating that they “prefer to stay in the dark and save the world.”
Related Reading | Wells Fargo Now Offers Cryptocurrency Investment To Clients
The stolen crypto are not fully released yet. Multisig wallets are secure in the fact that they require multiple signatures from involved parties. Hence, the hacker would still have to sign off on the wallets for the funds to be released to the Poly Network team. Once the final key is received from the hacker, then the team can regain access to both the assets and cross-chain services.
Featured image from ZDNet
Poly Network hacker returns $258M, conducts AMA on how it went down
$258 million worth of stolen crypto assets have been returned so far and the hacker claims they are keeping the rest of the funds safe while they negotiate with Poly.
