It has been reported that Poly Network has been hacked and around $600 million stolen. This appears to be the largest cryptocurrency heist ever recorded. Poly Network is a blockchain platform which allows users swap different types of digital tokens (what is known as a decentralized finance platform).
Poly Network was launched by the founders of Chinese blockchain project Neo. The exact base and ownership of the operation is not transparent. With the cyberattack, the attackers stole funds in more than 12 different cryptocurrencies, including ether and a type of bitcoin.
It seems there were technical flaws and weaknesses in the computer code that resulted in the service being vulnerable to an aggressive type of hack.
Looking into this new form of crime for Digital Journal is Dave Klein, Director, Cyber Evangelist, at Cymulate.
According to Klein as the use of cryptocurrency expands and the system of trading becomes more complex, this makes the monetary system more attractive and potentially the growing complexity is creating loop holes.
Klein says: “Like any financial transaction system, it seems that cryptocurrency is adding protocols to streamline transactions and make them more efficient. The Poly Network was a protocol to make transactions between various cryptocurrencies easier, in a similar vein to SWIFT for banking transactions.”
With the specific issue, Klein notes: “In this case, hackers found vulnerabilities within the Poly Network protocol to steal $625 million dollars’ worth of transactions. The most likely source is APT 38 – North Korean attackers that have focused on monetary theft, the architects of the largest SWIFT banking thefts in the U.S. and abroad.”
If it is this hacker group involved, then there are on-going concerns about the scope of their activities. Klein acknowledges: “They also have stolen billions of dollars of cryptocurrency from several crypto currency exchanges over the last few years.”
However, the hackers have acted in an unexpected way. A day after the incident, the hackers returned more than a third of $613 million in digital coins they stole.
According to Reuters, an apparent representative from the attack said they did it “for fun”, and they had the aim of wanting to “expose the vulnerability” before others could exploit it.
