The huge loss of US$610 million is the heaviest loss in the DeFi field and the largest in the entire blockchain industry. It is enough to be recorded in the history of blockchain security incidents and may even become a turning point for DeFi. Therefore, since the theft was officially announced, the project team, security firms and everyone else in the cryptocurrency community have been paying close attention to the latest developments of the Poly Network incident and doing their best to assist in freezing and recovering the funds.

Event Review

At around 8 pm yesterday evening, the cross-chain aggregation protocol O3 Swap was suspected of being attacked and its LP pool was emptied. The team advised users to suspend trading until the problem was resolved. Half an hour later, the cross-chain interoperability protocol Poly Network officially confirmed that it had been attacked, with a total of more than US$610 million transferred to three addresses: more than US$270 million to the Ethereum address starting with 0xC8a65, more than US$250 million to the Binance Smart Chain address starting with 0x0D6e2, and more than US$85 million to the Polygon address starting with 0x5dc36. O3 Swap is built on Poly Network and was therefore affected. A large amount of assets was transferred out of the O3 cross-chain pools, with a total of $335 million in assets on Binance Smart Chain and Polygon moved to two addresses. Specifically, in about two hours, 6,613 BNB, 87,603,671 USDC, 26,629 ETH, 1,023 BTCB, 32,107,854 BUSD and 888,888,888 BabyLoserCoin on Binance Smart Chain were transferred to the address starting with 0x0D6e, with a total value of over $250 million excluding BabyLoserCoin, and 85,089,719 USDC on Polygon was transferred to the address starting with 0x5dc36.
After Poly Network officially confirmed the theft, Tether was the first to react: Chief Technology Officer Paolo Ardoino said that Tether had frozen 33 million USDT at the hacker address that attacked Poly Network. Apart from Tether, no other stablecoin issuer froze funds or made a statement, which allowed the hacker to successfully transfer some tokens later. Although Zhao Changpeng said that he would provide support and coordinate with all security partners, BUSD was not frozen. Whether assets should be frozen at all, and whether doing so is decentralized enough, also caused a lot of discussion after the incident. Around 10 p.m., the hacker's Ethereum address added more than $97.06 million in liquidity on Curve, including 673,227 DAI and 96,389,444 USDC; finally, the hacker transferred about $120 million in stablecoins from the BSC address to the Curve fork Ellipsis Finance, including 32,107,854 BUSD and 87,603,672 USDC. At around 12:00, Poly Network posted a letter to the attacker on Twitter, hoping to establish communication and urging the attacker to return the hacked assets: the hacked amount of $610 million is the largest in the history of DeFi, law enforcement agencies in any country will regard this as a major economic crime, the attacker will be hunted down, and it is very unwise to conduct any further transactions. The attacker then responded that he was not very interested in money and was considering returning some tokens, or leaving them there, or possibly establishing a new coin and letting a DAO decide where the tokens go. At 12 noon, the hacker actually said that he would return all the assets. Through transaction notes on the chain, he indicated that he was ready to return the stolen assets, but because he could not contact the Poly Network team, he hoped that Poly Network would provide a multi-signature wallet.
The hacker also said, "Getting so much wealth is already a legend, and saving the world is an eternal legend. I have made a decision and will no longer use DAO." Poly Network officials responded immediately, stating in a transfer to the hacker at Ethereum block height 13001657 that they were preparing a public multi-signature wallet controlled by Poly Network. At this point, the thrilling 16-hour theft ended with a happy ending.

Attack Analysis

Within three hours of yesterday's attack, the SlowMist security team said that through on-chain and off-chain tracking it had identified and linked the attacker's email, IP and device fingerprints, and was following possible identity clues related to the Poly Network attacker. With the support of multiple exchanges, it found that the hacker's initial source of funds was Monero (XMR), which was exchanged for BNB, ETH, MATIC and other currencies on exchanges and withdrawn to three addresses; soon afterwards, the attack was launched on the three chains. SlowMist emphasized that the flow of funds, combined with the multiple pieces of fingerprint information, showed that this was most likely a premeditated, organized and well-prepared attack. The BlockSec security team's initial analysis was that the cause of the attack may have been the leakage of the private key used for cross-chain signatures, or a logic vulnerability in the signing program that led to attack transactions being signed. This morning, SlowMist released a detailed analysis of the Poly Network hack. The attack was caused by the keeper of the cross-chain contract being changed to an address specified by the hacker, allowing the hacker to construct arbitrary transactions to withdraw any amount of funds from the contract. The core of the attack is that the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute specific cross-chain transactions through the _executeCrossChainTx function.
Since the owner of the EthCrossChainData contract is the EthCrossChainManager contract, the EthCrossChainManager contract can modify the keeper by calling the putCurEpochConPubKeyBytes function of the EthCrossChainData contract. The verifyHeaderAndExecuteTx function of the EthCrossChainManager contract executes user-specified cross-chain transactions by internally calling the _executeCrossChainTx function. Therefore, the attacker only needs to pass carefully constructed data to the verifyHeaderAndExecuteTx function to make the _executeCrossChainTx function call the putCurEpochConPubKeyBytes function of the EthCrossChainData contract and change the keeper role to an address the attacker controls. After replacing the keeper address, the attacker can construct transactions at will to withdraw any amount of funds from the contract.

$610 million: recorded in DeFi security history

DeFi security incidents have occurred frequently since last year, but before July this year thefts in the cross-chain field were rare; now hackers have set their sights on the cross-chain track. ChainSwap was attacked twice, and the second attack, on July 11, had a far-reaching impact: tokens of more than 20 projects that had deployed smart contracts on ChainSwap were stolen. Although the amount was not large, the scope of the impact was the widest of any security incident in the history of DeFi. Before the turmoil at ChainSwap had subsided, the cross-chain digital asset trading protocol Anyswap was attacked the next day, with a more advanced method. The theft of Poly Network is the largest security incident in the history of DeFi, and even the largest in the entire blockchain industry. Even in this year's "Black May", when the BSC ecosystem suffered more than 30 security incidents in a single month, the total loss was only $300 million.
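The privilege chain described above (the manager contract is the owner of the data contract, and the manager will call whatever target contract a cross-chain payload names) is easiest to see in code. The following Solidity is an added illustration written for this article, not Poly Network's source: the contract and function names follow the analysis above, but every body is a hypothetical simplification (header and Merkle-proof verification is collapsed into a single boolean, the allowlist is fixed at deployment, and the `(bytes)` signature convention is assumed). The vulnerable manager is shown beside a hardened one that refuses to dispatch to the data contract and only calls allowlisted application contracts, and the data contract emits an event so monitoring can alert whenever the keeper set changes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not Poly Network's code. Names follow the article; bodies are
// hypothetical simplifications so that only the call-dispatch logic is on display.

contract EthCrossChainData {
    address public owner;                 // the manager contract that deployed it
    bytes public curEpochConPubKeyBytes;  // serialized keeper (consensus) public keys

    // Monitoring hook: any emission of this event outside a planned key rotation
    // is a high-severity signal worth paging on.
    event KeeperSetChanged(bytes newKeys);

    constructor(address _owner) { owner = _owner; }

    modifier onlyOwner() {
        require(msg.sender == owner, "EthCrossChainData: caller is not owner");
        _;
    }

    // Privileged setter: whoever can make the owner call this controls the keeper set.
    function putCurEpochConPubKeyBytes(bytes memory keys) public onlyOwner returns (bool) {
        curEpochConPubKeyBytes = keys;
        emit KeeperSetChanged(keys);
        return true;
    }
}

// Vulnerable shape: any target contract named in the cross-chain payload is called,
// and this manager happens to be the owner of the data contract.
contract EthCrossChainManagerVulnerable {
    EthCrossChainData public eccd;

    constructor() { eccd = new EthCrossChainData(address(this)); }

    // Assumption: header/proof verification is collapsed into `headerOk`; the real
    // function validates a block header and Merkle proof against the keeper set.
    function verifyHeaderAndExecuteTx(bool headerOk, address toContract, bytes memory method, bytes memory args) public {
        require(headerOk, "header not approved by keepers");
        _executeCrossChainTx(toContract, method, args);
    }

    function _executeCrossChainTx(address toContract, bytes memory method, bytes memory args) internal {
        // The selector is derived from the payload-supplied method name. With toContract == eccd
        // and method == "putCurEpochConPubKeyBytes", this reaches the onlyOwner setter above.
        bytes memory data = abi.encodePacked(bytes4(keccak256(abi.encodePacked(method, "(bytes)"))), abi.encode(args));
        (bool ok, ) = toContract.call(data);
        require(ok, "EthCrossChainManager: target call failed");
    }
}

// Hardened shape: the data contract is never a valid cross-chain target, and targets
// must be explicitly allowlisted application contracts.
contract EthCrossChainManagerHardened {
    EthCrossChainData public eccd;
    mapping(address => bool) public allowedTargets;  // assumption: fixed at deployment for brevity

    constructor(address[] memory targets) {
        eccd = new EthCrossChainData(address(this));
        for (uint256 i = 0; i < targets.length; i++) {
            require(targets[i] != address(eccd), "data contract cannot be a target");
            allowedTargets[targets[i]] = true;
        }
    }

    function verifyHeaderAndExecuteTx(bool headerOk, address toContract, bytes memory method, bytes memory args) public {
        require(headerOk, "header not approved by keepers");
        _executeCrossChainTx(toContract, method, args);
    }

    function _executeCrossChainTx(address toContract, bytes memory method, bytes memory args) internal {
        // Two independent checks close the path: the privileged data contract is rejected
        // outright, and everything else must be a known application contract.
        require(toContract != address(eccd), "EthCrossChainManager: data contract is not a target");
        require(allowedTargets[toContract], "EthCrossChainManager: target not allowlisted");
        bytes memory data = abi.encodePacked(bytes4(keccak256(abi.encodePacked(method, "(bytes)"))), abi.encode(args));
        (bool ok, ) = toContract.call(data);
        require(ok, "EthCrossChainManager: target call failed");
    }
}
```

The design point is that a bridge's execution contract should hold as little authority as possible: if the manager must own the data contract, the dispatch path has to be unable to reach the data contract, and a positive allowlist of application targets is a stronger invariant than a single denylisted address. Emitting an event on every keeper change gives an operator a cheap, chain-native detection for the condition this incident turned on.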
The loss from this single Poly Network incident is already twice the loss of the BSC ecosystem's worst month. Fortunately, the incident had a good ending: after 16 hours, the hacker said he was ready to return the $610 million in assets, which reassured all investors. Had the assets not been returned, any other action would only have increased the losses of Poly Network's investors, who were the ultimate victims of the theft. But is returning the assets the best outcome? The fact that hackers could transfer assets so easily has planted a mine under Poly Network and other DeFi projects. In addition, there have recently been many calls for DeFi regulation, and US regulators are paying much more attention to such events than before. Moreover, after a year of development, various products have become relatively mature, and traditional institutions are planning to enter the DeFi field. Yet hackers "easily" stole $610 million and "easily" returned it; investors from any field will be discouraged and think twice. The funds are about to be returned, which seems to be a good result. However, there are still many rumors that this was an inside job by the project team, though there is no way to prove it. So, can Poly Network, having weathered such a storm, continue to develop as before? Can cross-chain projects that have been repeatedly targeted by hackers still move forward? And will the future of the DeFi industry change as a result?