Poly Network Got Robbed of More Than USD 600M

Poly Network Got Robbed of More Than USD 600M 101Source: Adobe/Denys Rudyi

Interoperability protocol Poly Network has confirmed that it has suffered a major exploit – losing at least USD 600.3m of its funds.

The protocol announced that it got attacked on Binance Smart Chain (BSC), Ethereum (ETH), and Polygon (MATIC).

"We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the [provided] addresses," said Poly Network, providing three addresses to which it says the assets have been transfered.

"We will take legal actions and we urge the hackers to return the assets," it then added.

No additional information has been provided by the team behind the protocol as of yet.

What can be seen from the addresses is that:

  • Polygonscan shows USD 84.93m worth of USD Coin (USDC);
  • BscScan shows USD 251.68m in Binance-pegged tokens, ETH, USDC, binance USD (BUSD), among others;
  • Etherscan shows nearly USD 264.4m of ETH, USDC, tether (USDT), and other ERC-20 tokens.

That is the total of USD 601m – which some say just may be the largest attack the space has ever seen.

Tether has reacted already and frozen c. USD 33m of USDT.

Victims and speculations

The hack has impacted at least one connected project that we know of for now.

Cross-chain aggregation protocol O3 Swap cross-chain function has been suspended due to the hack, tweeted O3Labs. “We are in contact with the team. Please be patient to back to full functionality,” they said, adding that the non-cross-chain function is available and can be used normally.

Per their documentation, O3 Hub is composed of a cross-chain asset pool such as stablecoin pool and cross-chain protocol based on Poly Network.

Both projects were initiated by blockchain project Neo (NEO).

According to journalist Colin Wu, there may be money laundering involved, as the Ethereum address tried to deposit funds into exchange liquidity pool Curve.fi. "The first few transaction attempts may be rejected by the mining pool and failed, but the subsequent transaction was successfully deposited and co-deposited approximately 673,227 DAI and 96,389,444 USDC, with 95,269,795 3Crv LP [liquidity provider] shares."

Meanwhile, an interesting dynamics seems to have developed, as there are suggestions that the attacker may be receiving some help along the way in return for hefty tips.

Learn more:
– RUNE Recovers 11% After Crash and Thorchain USD 8M Hack
– Holding The World To Ransom: Top 5 Online Gangs

– South Korean Politician: North Has Stolen USD 310M in Crypto Since 2019
– Another Two Binance Smart Chain Projects Suffer Flash Loan Attacks
(Updated at 14:32 UTC with a section "Victims and speculations")


Updated: 08/10/2021 — 11:00