About the Poly Network hack
A cryptocurrency platform has lost an estimated $600 million in digital tokens in one of the the biggest ever cyberheists. Poly Network, a decentralized platform that facilitates peer-to-peer transactions, announced the hack on Twitter and posted details of digital wallets to which it said the money was transferred, urging people to blacklist tokens from those addresses.
The value of the tokens in the wallets cited by the platform was just over $600 million at the time of the announcement. Poly Network says it plans to take legal action and urged the hackers to return the stolen funds to several of its digital addresses.
The plea looked to be gaining some traction, with around $4.8 million in stolen tokens returned by Wednesday afternoon, according to public blockchain records and crypto tracking firm Elliptic. Analysts cited the headaches of laundering stolen crypto on such a scale as a possible motivation for the move.
The theft appeared to be one of the biggest ever in cryptocurrency markets, and was on a par with the $530 million in digital coins stolen from Tokyo-based exchange Coincheck in 2018. The Mt. Gox exchange, also based in Tokyo, collapsed in 2014 after losing half a billion dollars in bitcoin.
Poly Network allows users to swap tokens across different blockchains.
“It is a massive hack … as large as Mt. Gox,” said Bobby Ong, co-founder of crypto analytics website CoinGecko, although he noted the fallout had not yet hurt major crypto prices. “This project is finished in my opinion. (It is) going to take a lot to regain confidence.”
Technical details of the Poly Network hack
Address stolen funds were sent to
Stolen funds are located in these wallets:
Attacker ETH: 0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963
Attacker BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
Chains that were exploited
The hacker exploited the Proxy Lock Contracts of Poly Network on three different chains.
Ethereum:0x250e76987d838a75310c34bf422ea9f1ac4cc906
BSC:0x05f0fDD0E49A5225011fff92aD85cC68e1D1F08e
Polygon:0x28FF66a1B95d7CAcf8eDED2e658f768F44841212
Cryptocurrencies the hacker stole
On the Ethereum blockchain, the hacker stole
USDC – 96,389,444
WBTC – 1,032
DAI – 673,227
UNI – 43,023
SHIBA – 259,737,345,149
renBTC- 14.47
USDT – 33,431,197
wETH – 26,109
FEI USD – 616,082
On BSC, the hacker stole:
BNB – 6,613.44
USDC – 87,603,373
ETH – 299
BTCB – 26,629
BUSD – 1,023
On the Polygon blockchain, the hacker stole:
USDC – 85,089,610
The hacker’s communications with Poly Network
The attacker first turned to tornado.cash to launder the money. They sent this transaction which was found to be tied to FTX, Binance, and Okex accounts.:
Here is a summary of the hacker’s communications with Poly Network.
| zone UTC | Round | 11/08/2021 18:05:51 | Pass | Delay | from | To | Content | Hash | Amount | Token | Chain | Refund | Refund | Refund | |||
| 14 | Aug-10-2021 02:36:01 PM +UTC | 1 | 10/8/2021 14:36:01 | 27,5 Hours | PolyNetwork | White Hacker | Can you connect us? contact@poly.network | https://etherscan.io/tx/0xf6488e1efacd9c280eb91133d04ba357beca8016df8b0b0524b9a2e207b2ad7f | 100 USDC | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 15 | Aug-10-2021 03:26:28 PM +UTC | 2 | 10/8/2021 15:26:28 | 26,66 Hours | 51 Mins | White Hacker | PolyNetwork | WONDER WHY TORNADO? WILL MINER STOP ME? TEACH ME PLZ! | https://etherscan.io/tx/0x3a09c98f99edd9601ed017ff269652fd80c7e9aedcea57126990031128851043 | 1.000 USDC | |||||||
| 16 | Aug-10-2021 04:05:47 PM +UTC | 3 | 10/8/2021 16:05:47 | 26 Hours | 39 Mins | White Hacker | PolyNetwork | IT WOULD HAVE BEEN A BILLION HACK IF I HAD MOVED REMAINING SHITCOINS! DID I JUST SAVE THE PROJECT? NOT SO INTERESTED IN MONEY, NOW CONSIDERING RETURNING SOME TOKENS OR JUST LEAVING THEM HERE | https://etherscan.io/tx/0x552bc0322d78c5648c5efa21d2daa2d0f14901ad4b15531f1ab5bbe5674de34f | 1.000.000 USDC | |||||||
| 17 | Aug-10-2021 04:25:57 PM +UTC | 4 | 10/8/2021 16:25:57 | 25,67 Hours | 20 Mins | PolyNetwork | White Hacker | We can offer you a security bounty when you return all the remaining assets.We will provide a secure address through e-mail. | https://etherscan.io/tx/0x6b174ace1a83530bd2f33f07b213536699418b533cf2d3685556cf126e7061d8 | 23.88 BTCB | |||||||
| 18 | Aug-10-2021 04:39:03 PM +UTC | 5 | 10/8/2021 16:39:03 | 25,45 Hours | 13 Mins | White Hacker | PolyNetwork | WHAT IF I MAKE A NEW TOKEN AND LET THE DAO DECIDE WHERE THE TOKENS GO | https://etherscan.io/tx/0x4c102e972301b999318df70e3d3a067994dcc83951f07f7f37c45ff7e922beec | 1000 BTCB | 616.082 FEI | ||||||
| 19 | Aug-10-2021 04:48:57 PM +UTC | 6 | 10/8/2021 16:48:57 | 25,28 Hours | 10 Mins | PolyNetwork | White Hacker | The decision made by DAO can’t changed the fact that the assets are stolen from crypto believers.We want to offer a security bounty and we hope it will be remembered as the biggest white hat hack in the history. | https://etherscan.io/tx/0xe72e56fa6392b5cae82997aa24d3b668b8a0fba04afb543ea4e7f50295d439d2 | 26629 ETH | 259,737,345,149 SHIBA | ||||||
| 20 | Aug-11-2021 03:48:18 AM +UTC | 7 | 11/8/2021 03:48:18 | 14,29 Hours | 662 Mins | White Hacker | PolyNetwork | READY TO RETURN THE FUND! | https://etherscan.io/tx/0x7b6009ea08c868d7c5c336bf1bc30c33b87a0eedd59dac8c26e6a8551b20b68a | 119,664,866 BUSD | 14.47 renBTC | ||||||
| 21 | Aug-11-2021 03:49:11 AM +UTC | 8 | 11/8/2021 03:49:11 | 14,28 Hours | 1 Mins | White Hacker | PolyNetwork | FAILED TO CONTACT THE POLY. I NEED A SECURED MULTISIG WALLET FROM YOU | https://etherscan.io/tx/0x79245fb1d1ae48a214118e25d6ad2f9324f514ec6708135a19ba9d4cfa6344f6 | 6620 BNB | |||||||
| 22 | Aug-11-2021 04:02:06 AM +UTC | 9 | 11/8/2021 04:02:06 | 14,06 Hours | 13 Mins | White Hacker | PolyNetwork | IT’S ALREADY A LEGEND TO WIN SO MUCH FORTUNE. IT WILL BE AN ETERNAL LEGEND TO SAVE THE WORLD. I MADE THE DECISION, NO MORE DAO | https://etherscan.io/tx/0xd239b01026c49b234d075e3d23a07efd1c3234239cfb440c0f90d5e84836fbe2 | ||||||||
| 23 | Aug-11-2021 04:07:48 AM +UTC | 10 | 11/8/2021 04:07:48 | 13,97 Hours | 6 Mins | PolyNetwork | White Hacker | We are preparing a multi-sig address controlled by known Poly addresses | https://etherscan.io/tx/0x910b00b2b60b76d7c29a1855f9a1ebf204356eed22498334ddd46e46d96e06c2 | ||||||||
| 24 | Aug-11-2021 04:59:05 AM +UTC | 11 | 11/8/2021 04:59:05 | 13,11 Hours | 51 Mins | PolyNetwork | White Hacker | Hope you will transfer assets to addresses below: ETH: 0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f BSC: 0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc Polygon: 0xA4b291Ed1220310d3120f515B5B7AccaecD66F17 | https://etherscan.io/tx/0xf25ad2da525da68e7e254ecb5d780ae2c64f4df442baa14832fcbdff65dfb193 | ||||||||
| 25 | Aug-11-2021 07:50:12 AM +UTC | 12 | 11/8/2021 07:50:12 | 10,26 Hours | 172 Mins | White Hacker | PolyNetwork | ACCEPT DONATIONS TO “THE HIDDEN SIGNER” NOW. ENCRYPT YOUR MSG WITH HIS PUBKEY. | https://etherscan.io/tx/0x160231043b80c7824f658b3621163ebcc537ff29ad1dfb3572e658ebf0ddc2fd | ||||||||
| 26 | Aug-11-2021 08:43:57 AM +UTC | 13 | 11/8/2021 08:43:57 | 9,37 Hours | 54 Mins | White Hacker | REFUND | 100$ To Polygon (By USDC) | https://polygonscan.com/tx/0x74403d359c6eb79acbfe24ddbbab60cccdf4cc8db64709576ed972f707ce52eb | 100 | USDC | Polygon | |||||
| 27 | Aug-11-2021 08:46:43 AM +UTC | 14 | 11/8/2021 08:46:43 | 9,32 Hours | 3 Mins | White Hacker | REFUND | 1.000$ To Polygon (By USDC) | https://polygonscan.com/tx/0x444561661539983b434f064dbaf1f0ef160def0baf201e61946384f111109910 | 10.000 | USDC | Polygon | |||||
| 28 | Aug-11-2021 08:58:23 AM +UTC | 15 | 11/8/2021 08:58:23 | 9,12 Hours | 12 Mins | White Hacker | REFUND | 1.000.000$ To Polygon (By USDC ) | https://polygonscan.com/tx/0x7033942dde965ad6ee5acbd16e068df8c6187d7c0782055f870994a95cb058c4 | 1.000.000 | USDC | Polygon | |||||
| 29 | Aug-11-2021 09:45:52 AM +UTC | 16 | 11/8/2021 09:45:52 | 8,33 Hours | 48 Mins | PolyNetwork | White Hacker | You are moving things to the right direction. We received 1+M USDC on Polygon. Did you ask us to encrypt the receiving addresses with your BookKeeper public key? | https://etherscan.io/tx/0x59451c04dd5809958100c20a1263b7c1c6fc5080b38163b5117557418a473c47 | ||||||||
| 30 | Aug-11-2021 09:47:55 AM +UTC | 17 | 11/8/2021 09:47:55 | 8,3 Hours | 2 Mins | White Hacker | REFUND | 0.6$ To BSC ( by USDC ) | https://bscscan.com/tx/0xd19b96776e7e321ce1b03ccb8f96dcbceae0c4ef3e52f0eaf644b540e683b707 | 1 | USDC | BSC | |||||
| 31 | Aug-11-2021 09:48:28 AM +UTC | 18 | 11/8/2021 09:48:28 | 8,29 Hours | 1 Mins | White Hacker | REFUND | 38$ To BSC ( by BUSD ) | https://bscscan.com/tx/0x222e665ed61d9c722c5fdfaa6330d9fbd919c77e1edc6534be1650cf926668b0 | 38 | BUSD | BSC | |||||
| 32 | Aug-11-2021 09:49:10 AM +UTC | 19 | 11/8/2021 09:49:10 | 8,28 Hours | 1 Mins | White Hacker | REFUND | 1.000.000$ To BSC ( by BTCB ) | https://bscscan.com/tx/0x8537ce0fb13a9aae72a531b14838a59b9232bb3db8d65857f5e9b55bfbf3108d | 23,88 | BTCB | BSC | |||||
| 33 | Aug-11-2021 10:54:38 AM +UTC | 20 | 11/8/2021 10:54:38 | 7,19 Hours | 66 Mins | White Hacker | REFUND | 622.000$ To ETHCHAIN ( by FEI ) | https://etherscan.io/tx/0xd3327a266add4ec655ef5fe00fd042bdcdf1b886c26af3b5dd21b2e4ec9bde49 | 616.082 | FEI | ETH Chain | |||||
| 34 | Aug-11-2021 10:59:14 AM +UTC | 21 | 11/8/2021 10:59:14 | 7,11 Hours | 5 Mins | White Hacker | REFUND | 2.000.000$ To ETHCHAIN ( by SHIBA ) | https://etherscan.io/tx/0x4d0c93ca9746d1c8a80c0ecf58bd5bba66654fefae3df320b4d138405d0cbc0e | 259.737.345.149 | SHIBA | ETH Chain | |||||
| 35 | Aug-11-2021 12:07:35 PM +UTC | 22 | 11/8/2021 12:07:35 | 5,97 Hours | 69 Mins | White Hacker | PolyNetwork | DONATE TO 0xA87fB85A93Ca072Cd4e5F0D4f178Bc831Df8a00B IF YOU SUPPORT MY DECISION, ENCRYPT YOUR MSG WITH HIS PUBKEY IF YOU WANT TO TALK | https://etherscan.io/tx/0x87715ad26621431c2c27f44d9214798e0c81a97d938ba5d4580dcd72f07ec6a8 | ||||||||
| 36 | Aug-11-2021 12:12:16 PM +UTC | 23 | 11/8/2021 12:12:16 | 5,89 Hours | 5 Mins | White Hacker | PolyNetwork | DUMPING SHITCOINS FIRST! HOW ABOUT UNLOCKING MY USDT AFTER RETURNING ENOUGH USDC? | https://etherscan.io/tx/0xa7cd9cb0211942998602e22ad6f7fd7d9c1eef9515f4e4154a76237d5fd71aa3 | ||||||||
| 37 | Aug-11-2021 01:15:56 PM +UTC | 24 | 11/8/2021 13:15:56 | 4,83 Hours | 64 Mins | White Hacker | PolyNetwork | {“iv”:”be1fb3ba513b8779f7a38525cf118fae”,”ephemPublicKey”:”04a35ba379dc4922a7fbf2f7d64be16b8096c78d3a17f40dab1c07928c178f8476663d032f6920a3f9467af8908a5de3594779e59a32fa320286a4ba028554c076″,”ciphertext”:”d8d60653f3fa30b31f2ebb40cc8ba697e45f59f4e976f1b84d7382a3a1aced6b”,”mac”:”393423c5f65ffa52e09d97dda25acd32d39efe157a1a334539ae047d0397043d”} | https://etherscan.io/tx/0x64eb495eba8b2000181498910748614dbd2c4bd7d6997af20cdb92c2518b2bce | ||||||||
| 38 | Aug-11-2021 01:17:08 PM +UTC | 25 | 11/8/2021 13:17:08 | 4,81 Hours | 1 Mins | White Hacker | PolyNetwork | 0b156682321ad8b4307c76b60dac7650022f314a319f3e17d5e83718dbc305d6a1bcf0461b0eeb1c15b24994ae1deca1305f99dc9d294b926c4b9ade2718478a1f364a395f6a253da2a1561807540a2193974b134ba2be616b810e899c5df21aa2 | https://etherscan.io/tx/0x69534e330c5f8529759272b86e90bbacf7a5c4082683064c471e5539eacf53ba | ||||||||
| 39 | Aug-11-2021 02:01:41 PM +UTC | 26 | 11/8/2021 14:01:41 | 4,07 Hours | 45 Mins | White Hacker | REFUND | 1000 BTC To BSC | https://bscscan.com/tx/0x933dc403b49fb5ed26b364d181ecc036b1ab2056ed3f43b37391b0c6509633c0 | 1.000 | BTCB | BSC | |||||
| 40 | Aug-11-2021 02:03:37 PM +UTC | 27 | 11/8/2021 14:02:37 | 4,05 Hours | 1 Mins | White Hacker | REFUND | 26,629.17 ETH To BSC | https://bscscan.com/tx/0x6e2317a437e7804b211ab03a11d61bf68d4fd3b87a5d0deb76d87febddca262b | 26.629 | ETH | BSC | |||||
| 41 | Aug-11-2021 02:17:35 PM +UTC | 28 | 11/8/2021 14:17:35 | 3,8 Hours | 15 Mins | White Hacker | REFUND | 119mil BUSD To BSC | https://bscscan.com/tx/0xec9507edd4c928eb64e59fe2c6dd605ac58792729ff30b0911939bfef0ad6278 | 119,664,866 | BUSD | BSC | |||||
| 42 | Aug-11-2021 02:19:33 PM +UTC | 29 | 11/8/2021 14:19:33 | 3,77 Hours | 17 Mins | White Hacker | REFUND | 10 BNB To BSC | https://bscscan.com/tx/0xb5a0f3787d56d6b71d711659d070b13a506710e7a6d06487fbb57f9f953770c2 | 10 | BNB | BSC | |||||
| 43 | Aug-11-2021 02:23:47 PM +UTC | 30 | 11/8/2021 14:23:47 | 3,7 Hours | 6 Mins | White Hacker | REFUND | 6610 BNB To BSC | https://bscscan.com/tx/0xc1fb5ab331cb90b6efd55f86d41e400c1119e3d077dfc059f6999c875f1e6360 | 6.610 | BNB | BSC | |||||
| 44 | Aug-11-2021 02:37:21 PM +UTC | 31 | 11/8/2021 14:37:21 | 3,48 Hours | 18 Mins | White Hacker | PolyNetwork | 01c1d99be69552fad96069174147a8f5022e526cfb3644d2bcd07adccdd55a00b4e7f3c63273713f4c1839276b56a0f8a4e1928c2b9831bbd6442734752d96a5c28dcbc7a7e5c29c23f7aff6e49e2fe9b37881876756924ea9050392fe847e700abb5db4064270862f35df23b5aa14278e80814a873b1d0c23665b08f757fc081d716f64c344a17126b56232a9476c9542695e5fefdb676c9a1c16879b088bf32b7e2afa123a53e3373366f36db7a5cacde1246ba160c455b249077a21cce40df894054fbc996c9f1cb1ef5d71ba621c5485cb411c77953adbf7ecbc0040b5c28a | https://etherscan.io/tx/0x62d376fbb95367ba95d046c0c041531e320e93526fc282da5a1a65dacc885f47 | ||||||||
| 45 | Aug-11-2021 02:39:22 PM +UTC | 32 | 11/8/2021 14:39:22 | 3,44 Hours | 16 Mins | White Hacker | PolyNetwork | JUST DUMPED ALL ASSETS ON BSC & POLYGON. HACKING FOR GOOD, I DID SAVE THE PROJECT | https://etherscan.io/tx/0x3de5a4eb6c1953ce2d0422bc5d0d16b2d9e54316cf0784bb793b3c67f09387b7 | ||||||||
| 46 | Aug-11-2021 03:08:15 PM +UTC | 33 | 11/8/2021 15:08:15 | 2,96 Hours | 31 Mins | White Hacker | PolyNetwork | 4e7ebea396547cae74d0dea5f6d60e3c02e04ee7f52b31936d56c19bef1c619301765f766a4a879dc089302f2623bbaa50c390932141773bff1a83b6140b8bab73c4a768f0526e5b1be79d1893b608548fc759108f374eccdfab9401f89b77915c2b70b031388b515891567456348008c6e520cb80d7d4daddf3dcac9ee164b73515ac57a88da0470a9e9f6b1b0c634aa1 | https://etherscan.io/tx/0x4d6490b47a82e548236b4448713a973d833e439ad9fff76513d38ad2f7cb4fa5 | ||||||||
| 47 | Aug-11-2021 03:19:39 PM +UTC | 34 | 11/8/2021 15:19:39 | 2,77 Hours | 40 Mins | White Hacker | PolyNetwork | 14.47 renBTC To ETH Chain | https://etherscan.io/tx/0xd916036ed3f4fd356e32faf7a0849834e54d7555383c372058226cb32705916b | 14.47 | renBTC | ETH Chain | |||||
| 48 | Aug-11-2021 03:24:33 PM +UTC | 35 | 11/8/2021 15:24:33 | 2,69 Hours | 16 Mins | PolyNetwork | White Hacker | 0x35b6fd7cab004eb2f3c225982540189f028057d66e3f07a46547b2de92c68750bd53ddf6290b016f1d8d1d9bccb124d691f5cf6737a105006bf00cea4aa421555ab11b03e8a39b369436977abbbd1260b827efd9a269c7fdb9e2773f6c9f4f861fb47e337bd5b045a87bd734c2c772b5a2f8f841678e0826342f56cc201594d3ddf5f91fbebeb6c4431fe929adebce701669a33e0b5c36866c9e49a1e0ba09188c | https://etherscan.io/tx/0x7a924cf530150ba0d0d8b063f33a812ccf7564d347c193d03ad3b728c5fc6ab2 | ||||||||
| 49 | Aug-11-2021 03:57:28 PM +UTC | 36 | 11/8/2021 15:57:28 | 2,14 Hours | 38 Mins | White Hacker | PolyNetwork | Q & A, PART ONE: Q: WHY HACKING? A: FOR FUN 🙂 Q: WHY POLY NETWORK? A: CROSS CHAIN HACKING IS HOT Q: WHY TRANSFERING TOKENS? A: TO KEEP IT SAFE. WHEN SPOTTING THE BUG, I HAD A MIXED FEELING. ASK YOURSELF WHAT TO DO HAD YOU FACING SO MUCH FORTUNE. ASKING THE PROJECT TEAM POLITELY SO THAT THEY CAN FIX IT? ANYONE COULD BE THE TRAITOR GIVEN ONE BILLION! I CAN TRUST NOBODY! THE ONLY SOLUTION I CAN COME UP WITH IS SAVING IT IN A _TRUSTED_ ACCOUNT WHILE KEEPING MYSELF _ANONYMOUS_ AND _SAFE_. NOW EVERYONE SMELLS A SENSE OF CONSPIRACY. INSIDER? NOT ME, BUT WHO KNOWS? I TAKE THE RESPOSIBILITY TO EXPOSE THE VULNERABILITY BEFORE ANY INSIDERS HIDING AND EXPLOITING IT! Q: WHY SO SOPHISTICATED? A: THE POLY NETWORK IS DECENT SYSTEM. IT’S ONE OF THE MOST CHALLENGING ATTACKS THAT A HACKER CAN ENJOY. AND I HAD TO BE QUICK TO BEAT ANY INSIDERS OR HACKERS, I TOOK IT AS A BONUS CHALL 🙂 Q: ARE YOU EXPOSED? A: NO. NEVER. I UNDERSTOOD THE RISK OF EXPOSING MYSELF EVEN IF I DON’T DO EVIL. SO I USED TEMPORARY EMAIL, IP OR _SO CALLED_ FINGERPRINT, WHICH WERE UNTRACABLE. I PREFER TO STAY IN THE DARK AND SAVE THE WORLD. | https://etherscan.io/tx/0x1fb7d1054df46c9734be76ccc14fa871b6729e33b98f9a3429670d27ec692bc0 | ||||||||
| 50 | Aug-11-2021 04:18:39 PM +UTC | 37 | 11/8/2021 16:18:39 | 1,79 Hours | 54 Mins | PolyNetwork | White Hacker | We appreciate your returning of assets and the explanation of your motivation. We would like to work with you to resolve the current and future security issues of PolyNetwork. Please complete the returning of assets as you promised and let’s move on. | https://etherscan.io/tx/0xf59c47f47e6f19acc60bea81f6bde2ca41ecefaddc797bdb7fa6a8651aede384 | ||||||||
| 51 | Aug-11-2021 04:31:12 PM +UTC | 38 | 11/8/2021 16:31:12 | 1,58 Hours | 34 Mins | White Hacker | PolyNetwork | Q & A, PART TWO: Q: WHAT REALLY HAPPENED 30 HOURS AGO? A: LONG STORY. BELIEVE IT OR NOT, I WAS _FORCED_ TO PLAY THE GAME. THE POLY NETWORK IS A SOPHISTICATED SYSTEM, I DIDN’T MANAGE TO BUILD A LOCAL TESTING ENVIRONMENT. I FAILED TO PRODUCE A POC AT THE BEGINNING. HOWEVER, THE AHA MOMEMNT CAME JUST BEFORE I WAS TO GIVE UP. AFTER DEBUGGING ALL NIGHT, I CRAFTED A _SINGLE_ MESSAGE TO THE ONTOLOGY NETWORK. I WAS PLANNING TO LAUNCH A COOL BLITZKRIEG TO TAKE OVER THE FOUR NETWORK: ETH, BSC, POLYGON & HECO. HOWEVER THE HECO NETWORK GOES WRONG! THE RELAYER DOES NOT BEHAVE LIKE THE OTHERS, A KEEPER JUST RELAYED MY EXPLOIT DIRECTLY, AND THE KEY WAS UPDATED TO SOME WRONG PARAMETERS. IT RUINED MY PLAN. I SHOULD HAVE STOPPED AT THAT MOMENT, BUT I DECIDED TO LET THE SHOW GO ON! WHAT IF THEY PATCH THE BUG SECRETLY WITHOUT ANY NOTIFICATION? HOWEVER, I DIDN’T WANT TO CAUSE _REAL_ PANIC OF THE CRYPTO WORLD. SO I CHOSE TO IGNORE SHIT COINS, SO PEOPLE DIDN’T HAVE TO WORRY ABOUT THEM GOING TO ZERO. I TOOK IMPORTANT TOKENS (EXCEPT FOR SHIB) AND DIDN’T SELL ANY OF THEM. Q: THEN WHY SELLING/SWAPPING THE STABLES? A: I WAS PISSED BY THE POLY TEAM FOR THEIR INITIAL REPONSE. THEY URGED OTHERS TO BLAME & HATE ME BEFORE I HAD ANY CHANCE TO REPLY! OF COURSE I KNEW THERE ARE FAKE DEFI COINS, BUT I DIDN’T TAKE IT SERIOUSLY SINCE I HAD NO PLAN LAUNDERING THEM. IN THE MEANWHILE, DEPOSITING THE STABLES COULD EARN SOME INTEREST TO COVER POTENTIAL COST SO THAT I HAVE MORE TIME TO NEGOTIATE WITH THE POLY TEAM. | https://etherscan.io/tx/0xd4ee4807c07702a3202f45666983855d7fa22eb1c230e4c1e840fc9389e54729 | ||||||||
| 52 | Aug-11-2021 04:37:37 PM +UTC | 39 | 11/8/2021 16:37:37 | 1,47 Hours | 19 Mins | PolyNetwork | White Hacker | 0xb46f70e398420809e6a1e73274459e720358a1e2d042329883f15fb07d51e51d26fe2be672681b38ad06813ded3f6ae2215b883b73be75b359260a53cdf2ef0135ac60be8d46a15e842ea7398ed0f27ac9a58193bce8a35578af93b8225590a6c33f7054f56e09a434f0c1d5ec8c843904e4d35317000d152159312de0f6416b4c | https://etherscan.io/tx/0x339bee245002f1c41eff7469fe51424d48d6ef856cc81e81d66135e40968f53f | ||||||||
| 53 | Aug-11-2021 04:50:45 PM +UTC | 40 | 11/8/2021 16:50:45 | 1,25 Hours | 20 Mins | PolyNetwork | White Hacker | 0x01eaaf5ac8e047bf4487f64df12f8bb402b38454fb5d1aa866109a98a10ae04a322acdceb300c7a0be13493666e57227a43140dbb61b5407679b52373fe72ff2fabc4dab1cfc7a77424dda7a07773eb6c1fe05e5bbbbaa744adbc6f1a9f0013318e7175061f06e3f6eddf2dbd900ce6437dece609178bc3b4656d0108fa459f50b51709a453f3b0754fbe506b16ae7c66ec8ccb4716eb26c433c066d42540d776d0234983c01dc523dd61a69c2bdbe833ae8108dbf5b8dd0c7a352b87d536c5715 | https://etherscan.io/tx/0x588732ed9ec2861e6300710a9a3dcad20d8da591e7e93da3b556d351da697477 | ||||||||
| 54 | Aug-11-2021 05:13:37 PM +UTC | 41 | 11/8/2021 17:13:37 | 0,87 Hours | 36 Mins | White Hacker | PolyNetwork | I DON’T USE EMAIL. FUCK polyhacker@yandex.com & negotiations@cock.li | https://etherscan.io/tx/0xe926ef4b6f4e3ff1b680df02a6a2456cd9b415d25f051bb894ea3e24cfa864f0 | ||||||||
| 55 | |||||||||||||||||
| 56 |
A technical brief explaining the hacker’s technique
“Poly has a contract called the “EthCrossChainManager”. It’s a privileged contract that has the right to trigger messages from another chain. It’s a standard thing for cross-chain projects.
It has a function named verifyHeaderAndExecuteTx that anyone can call to execute a cross-chain transaction.
It (1) verifies that the block header is correct by checking signatures (seems the other chain was a poa sidechain or) and then (2) checks that the transaction was included within that block with a Merkle proof. Here’s the code.
One of the last things the function does is call executeCrossChainTx, which makes the call to the target contract. This is where the critical flaw sits. Poly checks that the target is a contract, but they forgot to prevent users from calling a very important target… the EthCrossChainData contract
By sending this cross-chain message, the user could trick the EthCrossChainManager into calling the EthCrossChainData contract, passing the onlyOwner check. Now the user just had to craft the right data to be able to trigger the function that changes the public keys”
You must log in to post a comment.