A relatively unknown DeFi cross-chain bridging protocol Poly Network announced on August 10 that it has suffered. This might be the largest hack in DeFi history by losing over $600M. This happened across three blockchain networks: Ethereum, Polygon, and Binance Smart Chain. The Poly Network has lost ~$273M of its users’ funds on Ethereum, on BSC ~$253M, and on Polygon ~85M. Though, the losses could be more.
Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214
We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses. @binance @HuobiGlobal @OKEx @CoinbasePro
Details of the Hack
The team is now requesting miners and crypto exchanges to blacklist the funds coming from the addresses mentioned above. Apart from the centralized exchanges and stablecoin protocols, it might be a tough ask. Blockchain miners don’t exactly control the transactions they process later. Also, they can’t guarantee that it won’t be confirmed on the blockchain. Poly Network has said that the affected assets include WETH, WBTC, renBTC, USDC, USDT, DAI, UNI, SHIB, FEI, etc. The attacker (s) has deposited DAI and USDC to the Curve protocol. This is also a lending/borrowing yield earning protocol.
Poly Network’s latest $600M hack is over 10 ten times larger than the last major DeFi hack, which was reported with EasyFi protocol losing over $59M of user funds, Rekt HQ leaderboard shows – a source specializing in reporting hacks on blockchain platforms. It’s surprising because Poly Network isn’t a commonly known name in the DeFi protocols list, but somehow was holding such large amounts of user funds. The exact way in which the attack was executed is unknown for now.
poly network got hacked, someone named hanashiro.eth sent the hacker some advice and got payed for 13.5 $ETH… OH MY…seriously? https://t.co/sk9XYojgjM pic.twitter.com/n7WhaweCDE
Poly Network – What’s that?
So what’s Poly Network? It appears that a crypto service that provides O3 Labs had a partnership with Poly Network to develop liquidity pools for their swap platform O3 Swap, sourcing liquidity from several blockchain networks, precisely why the extent of the hack is so large and will be impactful for quite some time to come. It appears that the hacker has been paying bounties also and an ETH address hanashiro.eth received 13.5 ETH from the hacker for tipping about the Tether USDT funds getting blacklisted.
This is a developing story and there are several details, which aren’t known for now. These include the exact nature of the hack, the more precise assessment of how much user funds were stolen, and the corrective action in the future. But for now, it’s safe to say that users should be careful before putting their funds into unknown and untested protocols.