Wiser! Essays: The Poly Network hack shows that crypto hacking is very hard to get away with.
When the Poly Network was hacked on August 10th to the tune of around $600 million in cryptocurrency, it was believed to be the largest crypto hack ever!
The previous "largest-ever" hack was in 2014, when 850,000 Bitcoin were stolen from the Mt Gox crypto exchange. That was worth about $450 million back then, but in today's money its value would be north of $34 trillion!
The hacker was able to exploit a vulnerability in the Poly Network protocol.
Who/What is Poly Network?
Poly Network is a protocol that allows different blockchain networks to connect and work together. It is particularly important in decentralised finance, aka DeFi, where tokens are swapped between different blockchain networks.
Putting the technical jargon to one side, in layman's terms, it's a bit like when you want to transfer dollars from a US bank account into Euros in a European bank account. Behind the scenes, there is a lot of activity as one party hands off to another in order to move your money, and charge you for the privilege. This is often referred to as "friction".
In the world of cryptocurrency and decentralised finance, a lot of this friction is removed/reduced because of the way the digital assets are moved around. But just like changing your dollars into euros, there has to be a standard method to make the exchange. This is the protocol.
What Poly Network does is broadly the same. They enable the exchange of one asset in one system into another asset in a different one.
Can we have our crypto back, please?
Shortly after tweeting that they'd been hacked, Poly Network issued this open letter, asking the hackers to "return the hacked assets".
And they did!
By 11 am ET on the 11th of August, $258 million had been returned.
But why go to the trouble of stealing it only to give it straight back?
Because cryptocurrency is a digital asset. Unlike a banknote with a serial number printed on it that is impossible to trace once it leaves the issuing bank, a digital asset leaves a digital footprint.
Everywhere it goes.
Within hours, blockchain security experts SlowMist tweeted that they had "grasped the attacker's mailbox, IP and device fingerprints" and are "tracking possible identity clues related to the Poly Network attacker".
For the technically minded, here is the blogpost from SlowMist called The Root Cause of Poly Network Being Hacked.
Bottom line in crypto hacking
It's very hard to get away with!
Even if the attacker has the technical capabilities to be able to make the hack, they are then faced with the near-impossible task of laundering the stolen digital assets and cashing them in.
Once compromised in this way, these digital assets can be immediately tagged as impaired and blacklisted across all the operating networks.