Matrix streaming characters

About the Poly Network hack

A cryptocurrency platform has lost an estimated $600 million in digital tokens in one of the the biggest ever cyberheists. Poly Network, a decentralized platform that facilitates peer-to-peer transactions, announced the hack on Twitter and posted details of digital wallets to which it said the money was transferred, urging people to blacklist tokens from those addresses.

The value of the tokens in the wallets cited by the platform was just over $600 million at the time of the announcement. Poly Network says it plans to take legal action and urged the hackers to return the stolen funds to several of its digital addresses.

The plea looked to be gaining some traction, with around $4.8 million in stolen tokens returned by Wednesday afternoon, according to public blockchain records and crypto tracking firm Elliptic. Analysts cited the headaches of laundering stolen crypto on such a scale as a possible motivation for the move.

The theft appeared to be one of the biggest ever in cryptocurrency markets, and was on a par with the $530 million in digital coins stolen from Tokyo-based exchange Coincheck in 2018. The Mt. Gox exchange, also based in Tokyo, collapsed in 2014 after losing half a billion dollars in bitcoin.

Poly Network allows users to swap tokens across different blockchains.

“It is a massive hack … as large as Mt. Gox,” said Bobby Ong, co-founder of crypto analytics website CoinGecko, although he noted the fallout had not yet hurt major crypto prices. “This project is finished in my opinion. (It is) going to take a lot to regain confidence.”

Technical details of the Poly Network hack

Address stolen funds were sent to

Stolen funds are located in these wallets:

Attacker ETH: 0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963

Attacker BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71

Chains that were exploited

The hacker exploited the Proxy Lock Contracts of Poly Network on three different chains.

Ethereum:0x250e76987d838a75310c34bf422ea9f1ac4cc906

BSC:0x05f0fDD0E49A5225011fff92aD85cC68e1D1F08e

Polygon:0x28FF66a1B95d7CAcf8eDED2e658f768F44841212

Cryptocurrencies the hacker stole

On the Ethereum blockchain, the hacker stole

USDC – 96,389,444

WBTC – 1,032

DAI – 673,227

UNI – 43,023

SHIBA – 259,737,345,149

renBTC- 14.47

USDT – 33,431,197

wETH – 26,109

FEI USD – 616,082

On BSC, the hacker stole:

BNB – 6,613.44

USDC – 87,603,373

ETH – 299

BTCB – 26,629

BUSD – 1,023

On the Polygon blockchain, the hacker stole:

USDC – 85,089,610

The hacker’s communications with Poly Network

The attacker first turned to tornado.cash to launder the money. They sent this transaction which was found to be tied to FTX, Binance, and Okex accounts.:

Here is a summary of the hacker’s communications with Poly Network.

 zone UTCRound11/08/2021 18:05:51PassDelayfromToContentHashAmountTokenChainRefundRefundRefund
14Aug-10-2021 02:36:01 PM +UTC110/8/2021 14:36:0127,5 HoursPolyNetworkWhite HackerCan you connect us? [email protected]https://etherscan.io/tx/0xf6488e1efacd9c280eb91133d04ba357beca8016df8b0b0524b9a2e207b2ad7f100 USDC
15Aug-10-2021 03:26:28 PM +UTC210/8/2021 15:26:2826,66 Hours51 MinsWhite HackerPolyNetworkWONDER WHY TORNADO? WILL MINER STOP ME? TEACH ME PLZ!https://etherscan.io/tx/0x3a09c98f99edd9601ed017ff269652fd80c7e9aedcea571269900311288510431.000 USDC
16Aug-10-2021 04:05:47 PM +UTC310/8/2021 16:05:4726 Hours39 MinsWhite HackerPolyNetworkIT WOULD HAVE BEEN A BILLION HACK IF I HAD MOVED REMAINING SHITCOINS! DID I JUST SAVE THE PROJECT?
NOT SO INTERESTED IN MONEY, NOW CONSIDERING RETURNING SOME TOKENS OR JUST LEAVING THEM HERE
https://etherscan.io/tx/0x552bc0322d78c5648c5efa21d2daa2d0f14901ad4b15531f1ab5bbe5674de34f1.000.000 USDC
17Aug-10-2021 04:25:57 PM +UTC410/8/2021 16:25:5725,67 Hours20 MinsPolyNetworkWhite HackerWe can offer you a security bounty when you return all the remaining assets.We will provide a secure address through e-mail.https://etherscan.io/tx/0x6b174ace1a83530bd2f33f07b213536699418b533cf2d3685556cf126e7061d823.88 BTCB
18Aug-10-2021 04:39:03 PM +UTC510/8/2021 16:39:0325,45 Hours13 MinsWhite HackerPolyNetworkWHAT IF I MAKE A NEW TOKEN AND LET THE DAO DECIDE WHERE THE TOKENS GOhttps://etherscan.io/tx/0x4c102e972301b999318df70e3d3a067994dcc83951f07f7f37c45ff7e922beec1000 BTCB616.082 FEI
19Aug-10-2021 04:48:57 PM +UTC610/8/2021 16:48:5725,28 Hours10 MinsPolyNetworkWhite HackerThe decision made by DAO can’t changed the fact that the assets are stolen from crypto believers.We want to offer a security bounty and we hope it will be remembered as the biggest white hat hack in the history.https://etherscan.io/tx/0xe72e56fa6392b5cae82997aa24d3b668b8a0fba04afb543ea4e7f50295d439d226629 ETH259,737,345,149 SHIBA
20Aug-11-2021 03:48:18 AM +UTC711/8/2021 03:48:1814,29 Hours662 MinsWhite HackerPolyNetworkREADY TO RETURN THE FUND!https://etherscan.io/tx/0x7b6009ea08c868d7c5c336bf1bc30c33b87a0eedd59dac8c26e6a8551b20b68a119,664,866 BUSD14.47 renBTC
21Aug-11-2021 03:49:11 AM +UTC811/8/2021 03:49:1114,28 Hours1 MinsWhite HackerPolyNetworkFAILED TO CONTACT THE POLY. I NEED A SECURED MULTISIG WALLET FROM YOUhttps://etherscan.io/tx/0x79245fb1d1ae48a214118e25d6ad2f9324f514ec6708135a19ba9d4cfa6344f66620 BNB
22Aug-11-2021 04:02:06 AM +UTC911/8/2021 04:02:0614,06 Hours13 MinsWhite HackerPolyNetworkIT’S ALREADY A LEGEND TO WIN SO MUCH FORTUNE. IT WILL BE AN ETERNAL LEGEND TO SAVE THE WORLD. I MADE THE DECISION, NO MORE DAOhttps://etherscan.io/tx/0xd239b01026c49b234d075e3d23a07efd1c3234239cfb440c0f90d5e84836fbe2
23Aug-11-2021 04:07:48 AM +UTC1011/8/2021 04:07:4813,97 Hours6 MinsPolyNetworkWhite HackerWe are preparing a multi-sig address controlled by known Poly addresseshttps://etherscan.io/tx/0x910b00b2b60b76d7c29a1855f9a1ebf204356eed22498334ddd46e46d96e06c2
24Aug-11-2021 04:59:05 AM +UTC1111/8/2021 04:59:0513,11 Hours51 MinsPolyNetworkWhite HackerHope you will transfer assets to addresses below:
ETH: 0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f
BSC: 0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc
Polygon: 0xA4b291Ed1220310d3120f515B5B7AccaecD66F17
https://etherscan.io/tx/0xf25ad2da525da68e7e254ecb5d780ae2c64f4df442baa14832fcbdff65dfb193
25Aug-11-2021 07:50:12 AM +UTC1211/8/2021 07:50:1210,26 Hours172 MinsWhite HackerPolyNetworkACCEPT DONATIONS TO “THE HIDDEN SIGNER” NOW. ENCRYPT YOUR MSG WITH HIS PUBKEY.https://etherscan.io/tx/0x160231043b80c7824f658b3621163ebcc537ff29ad1dfb3572e658ebf0ddc2fd
26Aug-11-2021 08:43:57 AM +UTC1311/8/2021 08:43:579,37 Hours54 MinsWhite HackerREFUND100$ To Polygon (By USDC)https://polygonscan.com/tx/0x74403d359c6eb79acbfe24ddbbab60cccdf4cc8db64709576ed972f707ce52eb100USDCPolygon
27Aug-11-2021 08:46:43 AM +UTC1411/8/2021 08:46:439,32 Hours3 MinsWhite HackerREFUND1.000$ To Polygon (By USDC)https://polygonscan.com/tx/0x444561661539983b434f064dbaf1f0ef160def0baf201e61946384f11110991010.000USDCPolygon
28Aug-11-2021 08:58:23 AM +UTC1511/8/2021 08:58:239,12 Hours12 MinsWhite HackerREFUND1.000.000$ To Polygon (By USDC )https://polygonscan.com/tx/0x7033942dde965ad6ee5acbd16e068df8c6187d7c0782055f870994a95cb058c41.000.000USDCPolygon
29Aug-11-2021 09:45:52 AM +UTC1611/8/2021 09:45:528,33 Hours48 MinsPolyNetworkWhite HackerYou are moving things to the right direction. We received 1+M USDC on Polygon. Did you ask us to encrypt the receiving addresses with your BookKeeper public key?https://etherscan.io/tx/0x59451c04dd5809958100c20a1263b7c1c6fc5080b38163b5117557418a473c47
30Aug-11-2021 09:47:55 AM +UTC1711/8/2021 09:47:558,3 Hours2 MinsWhite HackerREFUND0.6$ To BSC ( by USDC )https://bscscan.com/tx/0xd19b96776e7e321ce1b03ccb8f96dcbceae0c4ef3e52f0eaf644b540e683b7071USDCBSC
31Aug-11-2021 09:48:28 AM +UTC1811/8/2021 09:48:288,29 Hours1 MinsWhite HackerREFUND38$ To BSC ( by BUSD )https://bscscan.com/tx/0x222e665ed61d9c722c5fdfaa6330d9fbd919c77e1edc6534be1650cf926668b038BUSDBSC
32Aug-11-2021 09:49:10 AM +UTC1911/8/2021 09:49:108,28 Hours1 MinsWhite HackerREFUND1.000.000$ To BSC ( by BTCB )https://bscscan.com/tx/0x8537ce0fb13a9aae72a531b14838a59b9232bb3db8d65857f5e9b55bfbf3108d23,88BTCBBSC
33Aug-11-2021 10:54:38 AM +UTC2011/8/2021 10:54:387,19 Hours66 MinsWhite HackerREFUND622.000$ To ETHCHAIN ( by FEI )https://etherscan.io/tx/0xd3327a266add4ec655ef5fe00fd042bdcdf1b886c26af3b5dd21b2e4ec9bde49616.082FEIETH Chain
34Aug-11-2021 10:59:14 AM +UTC2111/8/2021 10:59:147,11 Hours5 MinsWhite HackerREFUND2.000.000$ To ETHCHAIN ( by SHIBA )https://etherscan.io/tx/0x4d0c93ca9746d1c8a80c0ecf58bd5bba66654fefae3df320b4d138405d0cbc0e259.737.345.149SHIBAETH Chain
35Aug-11-2021 12:07:35 PM +UTC2211/8/2021 12:07:355,97 Hours69 MinsWhite HackerPolyNetworkDONATE TO 0xA87fB85A93Ca072Cd4e5F0D4f178Bc831Df8a00B IF YOU SUPPORT MY DECISION, ENCRYPT YOUR MSG WITH HIS PUBKEY IF YOU WANT TO TALKhttps://etherscan.io/tx/0x87715ad26621431c2c27f44d9214798e0c81a97d938ba5d4580dcd72f07ec6a8
36Aug-11-2021 12:12:16 PM +UTC2311/8/2021 12:12:165,89 Hours5 MinsWhite HackerPolyNetworkDUMPING SHITCOINS FIRST!
HOW ABOUT UNLOCKING MY USDT AFTER RETURNING ENOUGH USDC?
https://etherscan.io/tx/0xa7cd9cb0211942998602e22ad6f7fd7d9c1eef9515f4e4154a76237d5fd71aa3
37Aug-11-2021 01:15:56 PM +UTC2411/8/2021 13:15:564,83 Hours64 MinsWhite HackerPolyNetwork{“iv”:”be1fb3ba513b8779f7a38525cf118fae”,”ephemPublicKey”:”04a35ba379dc4922a7fbf2f7d64be16b8096c78d3a17f40dab1c07928c178f8476663d032f6920a3f9467af8908a5de3594779e59a32fa320286a4ba028554c076″,”ciphertext”:”d8d60653f3fa30b31f2ebb40cc8ba697e45f59f4e976f1b84d7382a3a1aced6b”,”mac”:”393423c5f65ffa52e09d97dda25acd32d39efe157a1a334539ae047d0397043d”}https://etherscan.io/tx/0x64eb495eba8b2000181498910748614dbd2c4bd7d6997af20cdb92c2518b2bce
38Aug-11-2021 01:17:08 PM +UTC2511/8/2021 13:17:084,81 Hours1 MinsWhite HackerPolyNetwork0b156682321ad8b4307c76b60dac7650022f314a319f3e17d5e83718dbc305d6a1bcf0461b0eeb1c15b24994ae1deca1305f99dc9d294b926c4b9ade2718478a1f364a395f6a253da2a1561807540a2193974b134ba2be616b810e899c5df21aa2https://etherscan.io/tx/0x69534e330c5f8529759272b86e90bbacf7a5c4082683064c471e5539eacf53ba
39Aug-11-2021 02:01:41 PM +UTC2611/8/2021 14:01:414,07 Hours45 MinsWhite HackerREFUND1000 BTC To BSChttps://bscscan.com/tx/0x933dc403b49fb5ed26b364d181ecc036b1ab2056ed3f43b37391b0c6509633c01.000BTCBBSC
40Aug-11-2021 02:03:37 PM +UTC2711/8/2021 14:02:374,05 Hours1 MinsWhite HackerREFUND26,629.17 ETH To BSChttps://bscscan.com/tx/0x6e2317a437e7804b211ab03a11d61bf68d4fd3b87a5d0deb76d87febddca262b26.629ETHBSC
41Aug-11-2021 02:17:35 PM +UTC2811/8/2021 14:17:353,8 Hours15 MinsWhite HackerREFUND119mil BUSD To BSChttps://bscscan.com/tx/0xec9507edd4c928eb64e59fe2c6dd605ac58792729ff30b0911939bfef0ad6278119,664,866BUSDBSC
42Aug-11-2021 02:19:33 PM +UTC2911/8/2021 14:19:333,77 Hours17 MinsWhite HackerREFUND10 BNB To BSChttps://bscscan.com/tx/0xb5a0f3787d56d6b71d711659d070b13a506710e7a6d06487fbb57f9f953770c210BNBBSC
43Aug-11-2021 02:23:47 PM +UTC3011/8/2021 14:23:473,7 Hours6 MinsWhite HackerREFUND6610 BNB To BSChttps://bscscan.com/tx/0xc1fb5ab331cb90b6efd55f86d41e400c1119e3d077dfc059f6999c875f1e63606.610BNBBSC
44Aug-11-2021 02:37:21 PM +UTC3111/8/2021 14:37:213,48 Hours18 MinsWhite HackerPolyNetwork01c1d99be69552fad96069174147a8f5022e526cfb3644d2bcd07adccdd55a00b4e7f3c63273713f4c1839276b56a0f8a4e1928c2b9831bbd6442734752d96a5c28dcbc7a7e5c29c23f7aff6e49e2fe9b37881876756924ea9050392fe847e700abb5db4064270862f35df23b5aa14278e80814a873b1d0c23665b08f757fc081d716f64c344a17126b56232a9476c9542695e5fefdb676c9a1c16879b088bf32b7e2afa123a53e3373366f36db7a5cacde1246ba160c455b249077a21cce40df894054fbc996c9f1cb1ef5d71ba621c5485cb411c77953adbf7ecbc0040b5c28ahttps://etherscan.io/tx/0x62d376fbb95367ba95d046c0c041531e320e93526fc282da5a1a65dacc885f47
45Aug-11-2021 02:39:22 PM +UTC3211/8/2021 14:39:223,44 Hours16 MinsWhite HackerPolyNetworkJUST DUMPED ALL ASSETS ON BSC & POLYGON.
HACKING FOR GOOD, I DID SAVE THE PROJECT
https://etherscan.io/tx/0x3de5a4eb6c1953ce2d0422bc5d0d16b2d9e54316cf0784bb793b3c67f09387b7
46Aug-11-2021 03:08:15 PM +UTC3311/8/2021 15:08:152,96 Hours31 MinsWhite HackerPolyNetwork4e7ebea396547cae74d0dea5f6d60e3c02e04ee7f52b31936d56c19bef1c619301765f766a4a879dc089302f2623bbaa50c390932141773bff1a83b6140b8bab73c4a768f0526e5b1be79d1893b608548fc759108f374eccdfab9401f89b77915c2b70b031388b515891567456348008c6e520cb80d7d4daddf3dcac9ee164b73515ac57a88da0470a9e9f6b1b0c634aa1https://etherscan.io/tx/0x4d6490b47a82e548236b4448713a973d833e439ad9fff76513d38ad2f7cb4fa5
47Aug-11-2021 03:19:39 PM +UTC3411/8/2021 15:19:392,77 Hours40 MinsWhite HackerPolyNetwork14.47 renBTC To ETH Chainhttps://etherscan.io/tx/0xd916036ed3f4fd356e32faf7a0849834e54d7555383c372058226cb32705916b14.47renBTCETH Chain
48Aug-11-2021 03:24:33 PM +UTC3511/8/2021 15:24:332,69 Hours16 MinsPolyNetworkWhite Hacker0x35b6fd7cab004eb2f3c225982540189f028057d66e3f07a46547b2de92c68750bd53ddf6290b016f1d8d1d9bccb124d691f5cf6737a105006bf00cea4aa421555ab11b03e8a39b369436977abbbd1260b827efd9a269c7fdb9e2773f6c9f4f861fb47e337bd5b045a87bd734c2c772b5a2f8f841678e0826342f56cc201594d3ddf5f91fbebeb6c4431fe929adebce701669a33e0b5c36866c9e49a1e0ba09188chttps://etherscan.io/tx/0x7a924cf530150ba0d0d8b063f33a812ccf7564d347c193d03ad3b728c5fc6ab2
49Aug-11-2021 03:57:28 PM +UTC3611/8/2021 15:57:282,14 Hours38 MinsWhite HackerPolyNetwork
Q & A, PART ONE:

Q: WHY HACKING?
A: FOR FUN 🙂

Q: WHY POLY NETWORK?
A: CROSS CHAIN HACKING IS HOT

Q: WHY TRANSFERING TOKENS?
A: TO KEEP IT SAFE.

WHEN SPOTTING THE BUG, I HAD A MIXED FEELING. ASK YOURSELF WHAT TO DO HAD YOU FACING SO MUCH FORTUNE. ASKING THE PROJECT TEAM POLITELY SO THAT THEY CAN FIX IT? ANYONE COULD BE THE TRAITOR GIVEN ONE BILLION! I CAN TRUST NOBODY! THE ONLY SOLUTION I CAN COME UP WITH IS SAVING IT IN A _TRUSTED_ ACCOUNT WHILE KEEPING MYSELF _ANONYMOUS_ AND _SAFE_.

NOW EVERYONE SMELLS A SENSE OF CONSPIRACY. INSIDER? NOT ME, BUT WHO KNOWS? I TAKE THE RESPOSIBILITY TO EXPOSE THE VULNERABILITY BEFORE ANY INSIDERS HIDING AND EXPLOITING IT!

Q: WHY SO SOPHISTICATED?
A: THE POLY NETWORK IS DECENT SYSTEM. IT’S ONE OF THE MOST CHALLENGING ATTACKS THAT A HACKER CAN ENJOY. AND I HAD TO BE QUICK TO BEAT ANY INSIDERS OR HACKERS, I TOOK IT AS A BONUS CHALL 🙂

Q: ARE YOU EXPOSED?
A: NO. NEVER. I UNDERSTOOD THE RISK OF EXPOSING MYSELF EVEN IF I DON’T DO EVIL. SO I USED TEMPORARY EMAIL, IP OR _SO CALLED_ FINGERPRINT, WHICH WERE UNTRACABLE. I PREFER TO STAY IN THE DARK AND SAVE THE WORLD.
https://etherscan.io/tx/0x1fb7d1054df46c9734be76ccc14fa871b6729e33b98f9a3429670d27ec692bc0
50Aug-11-2021 04:18:39 PM +UTC3711/8/2021 16:18:391,79 Hours54 MinsPolyNetworkWhite HackerWe appreciate your returning of assets and the explanation of your motivation. We would like to work with you to resolve the current and future security issues of PolyNetwork. Please complete the returning of assets as you promised and let’s move on.https://etherscan.io/tx/0xf59c47f47e6f19acc60bea81f6bde2ca41ecefaddc797bdb7fa6a8651aede384
51Aug-11-2021 04:31:12 PM +UTC3811/8/2021 16:31:121,58 Hours34 MinsWhite HackerPolyNetworkQ & A, PART TWO:

Q: WHAT REALLY HAPPENED 30 HOURS AGO?
A: LONG STORY.

BELIEVE IT OR NOT, I WAS _FORCED_ TO PLAY THE GAME.

THE POLY NETWORK IS A SOPHISTICATED SYSTEM, I DIDN’T MANAGE TO BUILD A LOCAL TESTING ENVIRONMENT. I FAILED TO PRODUCE A POC AT THE BEGINNING. HOWEVER, THE AHA MOMEMNT CAME JUST BEFORE I WAS TO GIVE UP. AFTER DEBUGGING ALL NIGHT, I CRAFTED A _SINGLE_ MESSAGE TO THE ONTOLOGY NETWORK.

I WAS PLANNING TO LAUNCH A COOL BLITZKRIEG TO TAKE OVER THE FOUR NETWORK: ETH, BSC, POLYGON & HECO. HOWEVER THE HECO NETWORK GOES WRONG! THE RELAYER DOES NOT BEHAVE LIKE THE OTHERS, A KEEPER JUST RELAYED MY EXPLOIT DIRECTLY, AND THE KEY WAS UPDATED TO SOME WRONG PARAMETERS. IT RUINED MY PLAN.

I SHOULD HAVE STOPPED AT THAT MOMENT, BUT I DECIDED TO LET THE SHOW GO ON! WHAT IF THEY PATCH THE BUG SECRETLY WITHOUT ANY NOTIFICATION?

HOWEVER, I DIDN’T WANT TO CAUSE _REAL_ PANIC OF THE CRYPTO WORLD. SO I CHOSE TO IGNORE SHIT COINS, SO PEOPLE DIDN’T HAVE TO WORRY ABOUT THEM GOING TO ZERO. I TOOK IMPORTANT TOKENS (EXCEPT FOR SHIB) AND DIDN’T SELL ANY OF THEM.

Q: THEN WHY SELLING/SWAPPING THE STABLES?
A: I WAS PISSED BY THE POLY TEAM FOR THEIR INITIAL REPONSE.

THEY URGED OTHERS TO BLAME & HATE ME BEFORE I HAD ANY CHANCE TO REPLY! OF COURSE I KNEW THERE ARE FAKE DEFI COINS, BUT I DIDN’T TAKE IT SERIOUSLY SINCE I HAD NO PLAN LAUNDERING THEM.

IN THE MEANWHILE, DEPOSITING THE STABLES COULD EARN SOME INTEREST TO COVER POTENTIAL COST SO THAT I HAVE MORE TIME TO NEGOTIATE WITH THE POLY TEAM.
https://etherscan.io/tx/0xd4ee4807c07702a3202f45666983855d7fa22eb1c230e4c1e840fc9389e54729
52Aug-11-2021 04:37:37 PM +UTC3911/8/2021 16:37:371,47 Hours19 MinsPolyNetworkWhite Hacker0xb46f70e398420809e6a1e73274459e720358a1e2d042329883f15fb07d51e51d26fe2be672681b38ad06813ded3f6ae2215b883b73be75b359260a53cdf2ef0135ac60be8d46a15e842ea7398ed0f27ac9a58193bce8a35578af93b8225590a6c33f7054f56e09a434f0c1d5ec8c843904e4d35317000d152159312de0f6416b4chttps://etherscan.io/tx/0x339bee245002f1c41eff7469fe51424d48d6ef856cc81e81d66135e40968f53f
53Aug-11-2021 04:50:45 PM +UTC4011/8/2021 16:50:451,25 Hours20 MinsPolyNetworkWhite Hacker0x01eaaf5ac8e047bf4487f64df12f8bb402b38454fb5d1aa866109a98a10ae04a322acdceb300c7a0be13493666e57227a43140dbb61b5407679b52373fe72ff2fabc4dab1cfc7a77424dda7a07773eb6c1fe05e5bbbbaa744adbc6f1a9f0013318e7175061f06e3f6eddf2dbd900ce6437dece609178bc3b4656d0108fa459f50b51709a453f3b0754fbe506b16ae7c66ec8ccb4716eb26c433c066d42540d776d0234983c01dc523dd61a69c2bdbe833ae8108dbf5b8dd0c7a352b87d536c5715https://etherscan.io/tx/0x588732ed9ec2861e6300710a9a3dcad20d8da591e7e93da3b556d351da697477
54Aug-11-2021 05:13:37 PM +UTC4111/8/2021 17:13:370,87 Hours36 MinsWhite HackerPolyNetworkI DON’T USE EMAIL. FUCK [email protected] & [email protected]https://etherscan.io/tx/0xe926ef4b6f4e3ff1b680df02a6a2456cd9b415d25f051bb894ea3e24cfa864f0
55
56

A technical brief explaining the hacker’s technique

“Poly has a contract called the “EthCrossChainManager”. It’s a privileged contract that has the right to trigger messages from another chain. It’s a standard thing for cross-chain projects.

It has a function named verifyHeaderAndExecuteTx that anyone can call to execute a cross-chain transaction.

It (1) verifies that the block header is correct by checking signatures (seems the other chain was a poa sidechain or) and then (2) checks that the transaction was included within that block with a Merkle proof. Here’s the code.

One of the last things the function does is call executeCrossChainTx, which makes the call to the target contract. This is where the critical flaw sits. Poly checks that the target is a contract, but they forgot to prevent users from calling a very important target… the EthCrossChainData contract

By sending this cross-chain message, the user could trick the EthCrossChainManager into calling the EthCrossChainData contract, passing the onlyOwner check. Now the user just had to craft the right data to be able to trigger the function that changes the public keys”