At least $611 million stolen in massive cross-chain hack

Cross-chain protocol Poly Network has been hacked for $611 million in the largest DeFi hack to date.

“We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon,” tweeted Poly Network today, adding, “We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses.“

Poly Network is a protocol for swapping tokens across multiple blockchains, including Bitcoin, Ethereum and Ontology. It was formed by an alliance between the teams behind multiple blockchain platforms, namely Neo, Ontology, and Switcheo.

The assets stolen were $273 million of Ethereum tokens, $253 million in tokens on Binance Smart Chain and $85 million in USDC on the Polygon network.

Since the theft, Tether has blacklisted the USDT on Ethereum that was stolen in the attack, roughly $33 million in tokens. That means they can no longer be moved. (USDT is a centralized stablecoin that can be frozen at will by the company behind it, similar to other stablecoins like USDC.)

Following the hack, crypto exchange Binance CEO Changpeng Zhao tweeted, “We are aware of the [poly.network] exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can.“

According to The Block Research’s Igor Igamberdiev, the root cause of the hack was a cryptography issue — which is not usually the case. It may have been similar to the Anyswap exploit, which saw $7.9 million stolen due to a hacker reversing the private key.

The hack has also had wider implications. As a result of it, O3, a trading pool that uses Poly Network to trade tokens among different blockchains, has had to suspend its cross-chain functionality.