A cryptocurrency platform has lost an estimated US$600-million (R8.9-billion) in digital tokens after one of the sector’s biggest-ever hacking attacks, according to details of the heist which emerged on Wednesday.
Poly Network, a decentralised finance (DeFi) platform, announced the hack on Twitter and posted details of digital wallets to which it said the money was transferred, urging people to blacklist tokens from those addresses.
The value of the tokens in the wallets cited by Poly was just over $600-million at the time of the announcement, according to crypto trade publication The Block. The heist appears to be one of the biggest ever in cryptocurrency markets, and compares to the $530-million in cryptocurrency stolen from Tokyo-based bitcoin exchange Coincheck in 2018. Crypto exchange Mt Gox, also based in Tokyo, collapsed in 2014 after losing half a billion dollars in bitcoin.
The latest attack comes as losses from theft, hacks and fraud related to decentralised finance hit an all-time high, raising the risk of both investing in the sector and of regulators looking to shake it down.
DeFi refers to peer-to-peer cryptocurrency platforms that allow transactions without traditional gatekeepers such as banks or exchanges. Poly Network allows users to swap tokens across different blockchains.
‘Massive hack’
“It is a massive hack … as large as Mt Gox,” said Bobby Ong, co-founder of crypto analytics website CoinGecko, although he noted the fallout had not yet hurt major crypto prices. “This project is finished in my opinion. (It is) going to take a lot to regain confidence.”
Poly did not immediately respond to a request on Wednesday for more detail about the incident. It was not immediately clear where the platform is based, or whether any law enforcement agency was investigating the heist.
Poly tweeted it planned to take legal action and urged the hackers to return the assets, a move analysts said underscored how hard it is to recover stolen tokens.
“It is not like an ordinary bank heist where the money is stolen from the bank who remains the victim,” said Jake Moore, cybersecurity specialist at cybersecurity firm ESET and former head of digital forensics at Britain’s Dorset police.
“Money stolen, which is stored in digital ledgers, is taken from individual accounts and this is what worries those choosing to store their money in these locations,” Moore added.
The stolen funds amount to more than the criminal losses registered by the entire DeFi sector from January to July of a record $474-million, according to a report from crypto intelligence company CipherTrace.
Proponents of DeFi say the technology will allow more people and businesses to access financial services. Yet it is mostly unregulated, with tech flaws and weaknesses in the code many platforms use leaving it vulnerable.
Still, a message embedded in transactions from one of the wallets controlling the missing funds said: “I need a secured multisig wallet from you,” possibly in an attempt to try and return the loot. “It’s already a legend to win so much fortune,” read a subsequent message.
The chief technology officer of Tether, a stablecoin, also said on Twitter the company had frozen $33-million connected with the hack, and top management at large crypto exchanges responded to Poly on Twitter saying they would try to help. — Reported by Alun John, Tom Wilson and Tom Westbrook, (c) 2021 Reuters