Bitcoin Forum

So basically $600m were stolen from Poly Network platform and it was described as one of the biggest crypto heists in history.
The hackers exploited a vulnerability in the platform which affected BinanceChain, ethereum and 0xPolygon.
It was reported also that the hacker(s) started to return a part of the stolen funds (+$4.8m)!
Source: https://www.cnbc.com/2021/08/11/cryptocurrency-theft-hackers-steal-600-million-in-poly-network-hack.html

Edit: luckily there is no bitcoin direct or indirect (price) damage and exchanges hacks is really annoying and shouldn't happen that frequently!

funny part is
its promoted as DEFi
decentralised finance

promoted as a platform without intermediaries...
yet 'it' gets hacked..

we all know places like exchanges get hacked. but bitcoin cant be hacked.
so if these other networks/platforms are being hacked. then people need to learn from this.

dont be too casual about security when dealing with networks that allow custodians, partnerships and multisigs.

sometimes these swapping mechanisms can have backdoors.
seems the 'attacker' was able to sign transactions that moved the funds to their 3 addresses..

so just be cautious about these other networks pretending to be next level security. because you may find out that are less level security

It was controlled and handle properly so the hack funds didn't manage to sell-off. This is the biggest hack but not the biggest loss since funds is already returned by the hacker. I saw many exchange last night that cooperating to track and detect the user. Luckily the scammer got doxxed and fear on going to jail so Poly Network still got a lucky ass by acting quickly to solve this mess.

There are two more topic created today on Poly Network hack.
1. https://bitcointalk.org/index.php?topic=5353878.0
2. https://bitcointalk.org/index.php?topic=5353928.0

From one of the discussion I found out that the hacker has returned all the money. The reason is probably that the hacker has been identified.

Thanks for pointing out those topics. I already made a search and didn't find them so I assumed I was the first to report it :-X
For the money being returned, yeah it is hard to see that coming unless at least one of the hackers was spotted. In the article I mentioned they were talking about knowing his ip...

I hope that they get on track on it until they find out who's the hacker. They already taken the address where the funds are and I hope that there's no way for these hackers to trade those hacked funds that they've got. It's sad to see that there's another huge hack that has happened again. This is going to reflect again to those no coiners because they will have another reason to think that the crypto market is scary and unsafe.

more than 260 million USD already returned by the hacker to the polynetwork's wallet address that already provided in the tweet

https://twitter.com/PolyNetwork2/status/1425509322126024708?s=20

It seems like all of the funds will be returned in the next days. Probably at the end of this week maybe. Polynetwork was not defi lol.

People should remember that.

Another $342 million (As of 12 Aug 08:18:29 AM +UTC) of assets had been returned:
Ethereum: $4.6M
BSC: $252M
Polygon: $85M
Remaining is $268M on Ethereum

-Maybe the hacker identity leaked. So why he is returning those funds. It was the biggest hack in the history of Crypto!!

Source: https://twitter.com/PolyNetwork2/status/1425733950614360064

AFAIK the identity of the hacker(s) was at least possible to be revealed since they have his logs, ip.. Poly Network warned them to return the money / make a deal or face consequences. Apparently they chose to make a deal after all and avoid being exposed and jailed?

The hacker(s) contacted Poly Network and expressed their intentions to give back the stolen money which accepted obviously this and offered him a $500k reward + dropping all charges against them. Well FBI didn't like the pardoning thing so it might try to follow and catch them. AFAIK until now hackers still hold a part of the stolen funds.

There was a firm that already claimed that they already identified the hacker's ID, IP even finger print that has ever used by the hacker. Dealing with the big party was not a good thing. He can be jailed anytime.
that's why the hacker was returning back the amounts.
It seems like he will be taking the bounty rather than try to keep the funds. USDT is the only asset that was still holding by him since it already frozen on his wallet.

Some of the hackers have started to return the stolen funds, but until now they are still being monitored so that hackers will continue to be furious with these accusations, but how does this continue, hackers are afraid if this problem is delegated to the FBI in theory this problem will keep running. Wow that's really scary.

$342 million has been refunded including in BSC and Polynetwork addresses, while what hasn't been refunded is from the Ethereum Wallet and this is still almost half of it.

Source: https://twitter.com/PolyNetwork2/status/1425733950614360064?s=09

Is there any update regarding the remaining assets that the hacker not yet return? I tried to check the poly network Twitter page but nothing was found related to this. I found an interesting bug bounty there, Poly Network Joins Immunefi With $100,000 Bug Bounty After Hack (https://medium.com/immunefi/poly-network-joins-immunefi-with-100-000-bug-bounty-after-hack-d349e1192853)

Also here is the latest(AUG 17）poly network updated: https://medium.com/poly-network/latest-updates-aug-17-241398d64a40 Still they are waiting for the remaining asset, Also poly network team wants Mr. White Hat to be the Chief Security Advisor of Poly Network. For more information: https://medium.com/poly-network/latest-updates-aug-17-241398d64a40

This is the usual thing that happens when there's a hack that happens not only in crypto but as well as in corporate world. There are those companies that are open to hiring those hackers because of the talent and what they did.
While these companies became a victim of it, they see the potential that these hackers can do if it's for the better and if they'll be employed. I don't think this is a bait for the hacker but a legitimate offer.

It's a good idea to save this project. Mr. White Hat is a very talented person, He finds out the bug and uses it to hack the polynetwork. If he joins Poly Network it would be nice for this project. Mr. White Hat is needed to survive this kind of hack in the future.

i think he should inform the team or publish a paper about it instead of hacking it on his own. who knows, maybe in an alternate timeline he'll just run away instead of returning the funds. he's not hired for pen-testing, if he really wanted to do it then maybe he can play on testnet.

Indeed, showing the whole world his ability won't make him (or them BTW) famous. The ideal thing is to inform the company about the glitch and get a reward for it. With his current action and even if we consider Poly Network pardoning him and offering a job, the legal system might not pardon him and Attorney General could follow him in justice for that theft.

It was a better approach if he made an email to them telling them that they got vulnerability. Maybe he already did this and he's been ignored and resulted into this.
I haven't read the article about the whole story of this hacking incident but it's such a pain that many have been affected with such hacks, not only this incident but the others too. But on this one, he has sent it back. Did he already returned most funds?

Not something new and i've been always anticipating for these kind of events or incidents that could really happen from time to time here on this market. Exchange platforms or any other service that does involves
big money would always be looking to be a honey pot for those hackers.They would  really be doing all sorts of things for the sake of getting hundreds of millions if they are successful.

This is why i cant really trust up on storing into some custodial services but there are instances like huge hack of coins will surely be affected the market price and its inevitable
when those coins are started to be converted.

Expect the unexpected and even it do sucks and annoying but still they would really existing no matter what.

If that is the case, sounds like a relieve for the platform involved and all community members supporting the project, honestly the frequent hack of defi platform is alarming and needs urgent attention, am still in wonder how the so-called firm is able to gather all this information of the hacker within short time, it looks like this hacker is not very smart to cover his/her trail, now he will be facing justice for his crime.

Another bad news and based on news from Cointelegraph that the Liquid Global exchange has now been hacked again with a sum of $80 million and it's huge that this exchange is also suspending all deposits and withdrawals, imagine how users need their funds to be very difficult to retrieve, and this is the risk when depositing funds on the exchange.

Until now hackers are still taking large amounts of money while Liquid said they are moving funds to cold wallets.

Source
https://cointelegraph.com/news/breaking-liquid-exchange-hacked-to-the-tune-of-80-million
https://twitter.com/Liquid_Global/status/1428176357515612165

This recent incident has once again brought to the front burner the issue of security. DeFi definitely holds a lot of promises and potential, but these can be threatened by hacks. This is why crypto startups should not be in a rush to deploy until it is well audited.

Then again, the integrity and reputation of these security audit firms are being called to question with reoccurring hack events. While nothing is guaranteed in crypto investment, nobody wants to lose their money.

107 bitcoin in one on the hacker addresses! That's shameful since this isn't the first nor the last incident happening without feeling that exchanges are taking the necessary measures to stop or at least limiting these hacks attempts...

This is bad news, a series of hacking. These hackers never stop with their ill intentions of robbing millions of money from these legitimate businesses.
I hope that this is going to have the same retrieval and sending back as poly network.  :-\