Hackers steal $600 million in biggest cryptocurrency heist

WASHINGTON DC, USA: Hackers have stolen some $600 million in what appears to be one the biggest cryptocurrency heists ever.

Blockchain site Poly Network said hackers had exploited a vulnerability in its system and taken thousands of digital tokens such as Ether.

In a letter posted on Twitter, it urged the thieves to “establish communication and return the hacked assets”.

In scale, the hack is on par with huge recent breaches at exchanges such as Coincheck and Mt Gox.

In its letter, Poly Network said: “The amount of money you have hacked is one of the biggest in defi [decentralised finance] history.

“Law enforcement in any country will regard this as a major economic crime and you will be pursued.

“The money you stole are [sic] from tens of thousands of crypto community members, hence the people.”

Poly Network said a preliminary investigation found a hacker exploited a “vulnerability between contract calls”.

It urged various exchanges to block deposits of the coins after millions of dollars in tokens were transferred to separate cryptocurrency wallets.

About $267 million of Ether currency has been taken, $252 million of Binance coins and roughly $85 million in USDC tokens.

Changpeng Zhao, chief executive of Binance, said his firm was aware of the hack, but added there was only so much he could do.

He said the group was “coordinating with all our security partners to proactively help”.

“There are no guarantees,” he added.

Poly Network is decentralised finance – or Defi – provider, which allows users to transfer tokens tied to one blockchain to a different network.

Cryptocurrency systems such as Ether and Binance were developed independently, so have struggled to work in conjunction with each other.

Losses from fraud in the Defi sector hit an all-time high of $474 million in the first seven months of the year, a report from research company CipherTrace said on Tuesday.

But losses from crime in the overall cryptocurrency market dropped sharply to $681 million, compared to $1.9 billion for the whole of 2020 and $4.5 billion in 2019.

Last week, the US Securities and Exchange Commission (SEC) charged Defi lender Blockchain Credit Partners and two of its top executives for raising $30 million through allegedly fraudulent offerings.

The case is the SEC’s first involving securities in the Defi space.

“We will take legal actions and we urge the hackers to return the assets,” Poly Network said on Twitter.

SlowMist said in a tweet that their researchers had “grasped the attacker’s mailbox, IP, and device fingerprints” and are “tracking possible identity clues related to the Poly Network attacker.”

The researchers concluded that the theft was “likely to be a long-planned, organized and prepared attack.”

DeFi has become a key target for attacks.

From the start of the year until July, DeFi-related hacks totalled $361 million — an increase of nearly three times from the whole of 2020, according to cryptocurrency compliance company CipherTrace.

DeFi-related fraud is also on the rise. In the first seven months of the year, they accounted for 54% of total crypto fraud volume versus 3% for all of last year.