A decentralized financial network has claimed hackers absconded with about $600 million worth of cryptocurrencies in one of the largest heists to target the growing digital asset industry.
Poly Network, which links some of the world’s most widely used digital ledgers, said on Tuesday that attackers had exploited a vulnerability in its system and taken thousands of crypto tokens. The attack would be one of the largest to date on a crypto venture, on a par with breaches of exchanges Coincheck and Mt. Gox.
The alleged hack was a blow to supporters of decentralized finance, or DeFi, which has been one of the fastest-expanding areas of the booming cryptocurrency market. It also highlighted the lack of consumer and investor protections in a market with only light oversight from financial regulators.
Poly Network has developed a computer protocol, or set of rules, that allows users to transfer tokens tied to one blockchain to a different network. Many of the world’s most widely used blockchains, such as Binance Chain and Ethereum, have developed independently, and their coins, offered as an incentive to users, run on separate technologies.
That means investors cannot easily move their tokens to a different blockchain to trade them or use them as collateral for another investment.
Proponents are trying to build networks that allow users to buy and sell digital assets directly with each other, bypassing intermediaries that impose fees such as exchanges or clearinghouses. Many projects aim to be fully decentralized.
The alleged hacker exploited a vulnerability in Poly Network’s “contract calls,” a type of test that is not intended to be published on the blockchain, to access the ledgers and transfer money, the network said.
The tokens were valued at about $600 million prior to the news of the alleged hack, consisting of more than $270 million on the Ethereum blockchain, $250 million on the Binance Smart Chain, and $84 million on the Polygon network, according to wallet addresses published by Poly Network on Twitter.
Etherscan indicated that the hacker had taken alt-coins such as Binance Coin and ether as well as dozens of smaller tokens, including Shiba Inu, Matic, and Uniswap. The dollar value of the stolen coins dropped to $394 million as news of the theft spread and investors sold cryptocurrencies, knocking the tokens’ prices.
Poly Network called on groups known as “miners,” which process transactions, and centralized crypto exchanges to block transfers. “We will take legal actions and we urge the hackers to return the assets,” it said.
Changpeng Zhao, chief executive of Binance, said his company was aware of the incident. He said while “no one controls” Binance’s blockchain, the group was “coordinating with all our security partners to proactively help.”
“There are no guarantees. We will do as much as we can,” he added.
Paolo Ardoino, chief technical officer at stablecoin company Tether, said the group had frozen about $33 million worth of its tokens, which were on the Poly Network. A substantial proportion was also in USD Coin, operated by payments service company Circle, according to Etherscan. Circle did not immediately respond to a request for comment.
Gary Gensler, chair of the Securities and Exchange Commission, the US markets regulator, had called on lawmakers this month to give watchdogs more power to protect investors from illicit activity on DeFi platforms.
© 2021 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.
https://arstechnica.com/?p=1786591