$600 Million Stolen in Historic Crypto Heist

Aug 13, 2021

A vulnerability in the blockchain platform Poly Network has been exploited to drain $600 million in what the firm suggests could be the largest cryptocurrency heist in history.

A blockchain logs every transaction made using a cryptocurrency—such as Bitcoin—and distributes this ledger to all users in the network, verifying the transactions as they occur. Poly Network facilitates movement between different blockchains so users can trade one cryptocurrency for another. The hacker identified a security flaw in the network and stole millions of dollars in cryptocurrencies including BSC, Ethereum and Polygon.

Poly Network responded with a Twitter post in which they asked the responsible party to establish communication and return the hacked assets. Noting the amount was the largest of its kind, they warned: “Law enforcement in any country will regard this as a major economic crime and you will be pursued.”

An unidentified person claimed responsibility, saying they did it “for fun” and had wanted to expose the vulnerability before others could exploit it. They went on to say it had always been their intention to return the money; BBC News reported that, as of the morning of 12 August, nearly half of the stolen assets had been given back.

Explaining the security breach, Tom Robinson, Co-founder of London-based blockchain analytics and compliance firm Elliptic, says that the blockchains concerned were functioning as intended, but problems are introduced by human involvement in transactions between them.

“The blockchain itself has operated here flawlessly, but the problem is on blockchains like Ethereum, you can write your own smart contracts. Various services have started offering this, including Poly Network… Whenever a human being writes code, there is a chance they will make a mistake.”
Tom Robinson, Co-founder, Elliptic

Having identified flaws in the code governing the transfer of tokens, the hacker was able to trick the network into moving tokens incorrectly.

Similar attacks have involved considerable sums—such as Yearn Finance and Alpha Finance Lab losing $11 million and $37 million respectively in February of this year, and Meerkat Finance losing $32 million in March, the day after its launch—but this latest attack is distinguished by its massive scale.

“What this story mostly points to is just how powerful hackers can be and how powerless the unregulated, decentralised cryptocurrency world is when someone swipes a large fortune from under its nose.”
Mary-Ann Russon, Business Reporter, BBC News
Last Updated: Jan 12, 2024