Largest crypto theft to date: More than $ 600 million stolen
A security flaw in the protocol of the bridge blockchain PolyNetwork resulted in the theft of coins and tokens valued at approximately 611 million US dollars.

On August 10, 2021, the PolyNetwork fell victim to the largest theft to date in the history of cryptocurrencies. Unknown stole coins and tokens from the Ethereum (ETH), Binance Smart Chain (BSC) and Polygon (MATIC, not related to the PolyNetwork) blockchains worth $ 611 million at the time of the attack.

PolyNetwork is an interoperability platform - a bridge blockchain to exchange crypto currencies without a centralized exchange. The development team announced the theft on Twitter. The security company SlowMist has found out that the unknowns have apparently exploited a security gap within the PolyNetwork.

Insecurity

Accordingly, by linking certain functions in the smart contracts, it was possible to pretend to be the "keeper" of the same and thus transfer the users' coins or tokens to any wallet.

The addresses of the attacking party are:

ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214
Some crypto exchanges have blocked addresses to make sales difficult. In case you are wondering about the many tiny incoming transactions: Many hope to catch the attention of strangers and have money transferred in the form of cryptocurrencies.

Partly remitted

The development team behind the PolyNetwork has set up three multi-sig wallets and called on the unknown to transfer the coins and tokens back. These actually partially complied with the demand after SlowMist said it had traced the transaction chains back enough to be able to use crypto exchanges to infer the identities of the attackers.

So far, crypto currencies worth almost 5 million US dollars have been transferred to the wallets mentioned:

ETH: 0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f
BSC: 0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc
Polygon: 0xA4b291Ed1220310d3120f515B5B7AccaecD66F17
According to the current status, coins and tokens worth around 340 million US dollars have been transferred back.

Messages attached to the transactions of the strangers, sometimes to their own addresses, suggest that they are either trolls, they have gotten a whack or that they wanted to draw attention to the security gap in a questionable way.

Billions potential

In a first transaction it was said: "It would have been a billion hack if i had moved remaining shitcoins! Did I just save the project? Not so interested in money, now considering returning some tokens or just leaving them here."

The participants created the token "The hacker is ready to surrender" on the PolyNetwork blockchain. This was followed by a transaction with the text "ready to return the fund!", Followed again by "Failed to contact the poly. I need a secured multisig wallet from you." At the moment the transfers are coming in batches.