Abstract：PolyNetwork was exploited in maybe the biggest hack in the short history of DeFi. Let’s have a closer look at how it actually happened, and what investors should verify before investing in DeFi projects and protocols.
PolyNetwork was exploited in maybe the biggest hack in the short history of DEFI. Let's have a closer look at how it actually happened, and what investors should verify before investing in DeFi projects and protocols.
PolyNetwork, an interoperability protocol enabling atomic-cross chain transactions between multiple major blockchains, was just exploited to steal $600 million worth of investor's crypto on Polygon, BINANCE Smart chain, and ETHereum.
What Exactly Happened？
As reported by CryptoPotato earlier today, PolyNetwork announced that they had been attacked at 8:38 am EST. They immediately listed the addresses to which the anonymous hacker had transferred their funds on the ETH, BSC, and Polygon networks, and called upon miners of the affected exchanges to blacklist them.
The ETH, BSC, and Polygon addresses involved show volumes of $266.5M, $252M, and $85M worth of crypto assets, respectively.
In dollar value terms, this DeFi hack is comparable to the Mt. Gox and BitFinex exchange hacks, which resulted in $500M and $750M of stolen funds at the time of the hacks.
CEO of crypto exchange OKEX, Jay Hao, has reassured victims that he is addressing the situation:
“@OKEx is already on the case. Were watching the flow of coins, and will do our best to manage the situation. Our wallet team will get in touch if we need more information.”
Analysis shows that the nature of the hack was a traditional compromising of users private keys, which was made easier due to Smart Contract design decisions by PolyNetwork.
An involved smart contract belonging to the company used a single keeper wallet, which allowed the hacker to sign off on a contract transferring all funds to his address, after obtaining the relevant private key, which may have been done through various methods. PolyNetwork has also not verified their smart contracts using Etherscan.
How Do Investors Avoid This？
As a growing field, DeFi still has many problems to sort out, and future scams, hacks, and exploits are highly likely to take place in the near term. CryptoPotato has outlined some best practices to protect investors from malicious actors seeking to compromise their assets.
These include ensuring that smart contracts of your chosen investment project have been audited by tech-savvy auditing organizations with pristine track records. Such precautions could have saved many investors in the case of this recent, historically large hack.
DeFi exploits of 2021. Image by CryptoPotato
WikiBit 2022-08-16 20:46
WikiBit 2022-08-16 18:39
WikiBit 2022-08-16 12:49
WikiBit 2022-08-17 14:21
WikiBit 2022-08-17 20:11
WikiBit 2022-08-18 18:54
WikiBit 2022-08-16 19:14
WikiBit 2022-08-18 20:25
WikiBit 2022-08-17 17:52