
How did an unknown hacker steal over $600M in cryptocurrencies in the biggest ever crypto-based cyber-attack?

On 10 August 2021, Poly Network announced in a tweet that it had been attacked. Not only had the platform been compromised, but the attacker had transferred enormous sums to addresses under their own control right under Poly Network’s nose.

Initial investigations show that it was, in fact, the biggest theft in the history of decentralised finance (DeFi). In total the attacker stole roughly $611m: $273m from the Ethereum chain, $253m from Binance Smart Chain and $85m from Polygon.

At the time of writing, the attacker (or attackers) remains unknown. They have, however, started to return some of the stolen assets, which has led to the belief that the lasting damage will be to Poly Network’s integrity and reputation rather than to its users. That belief rests on early analysis only and is not yet confirmed, so there remains a possibility that the attack could be repeated.

So, how did they do it?

Currently there are two publicly documented theories on how the cybercriminal(s) may have pulled off the attack. The first holds that the attacker exploited a vulnerability allowing threat actors to sign the messages exchanged when cryptocurrency is moved between chains. The second is that they identified a bug in Poly Network’s signing process and abused it to get a crafted message accepted as genuine.
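To make the second theory concrete, the following is an added example and not Poly Network’s code; it does not claim to reproduce the real attack. It models the class of weakness in which a cross-chain relay correctly checks the keepers’ signatures on a message but then executes that message against any target, including the contract that stores the keeper set the check relies on. Keeper signatures are modelled with HMAC-SHA256 so the script runs offline (an assumption; a real bridge verifies ECDSA signatures on-chain), the keeper names, keys and balances are constructed, and the honest keepers are assumed to attest any event relayed from the source chain without vetting what it asks for.

```python
import hashlib
import hmac
import json

# Constructed keys standing in for keepers' signing keys. In this offline
# model a keeper's "public key" is simply the HMAC secret (an assumption
# made so the script runs without a blockchain or an ECDSA library).
HONEST_KEEPERS = {"keeper-1": b"secret-1", "keeper-2": b"secret-2", "keeper-3": b"secret-3"}
ATTACKER_KEYS = {"evil-1": b"evil-secret-1", "evil-2": b"evil-secret-2"}


def canonical(message: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def sign(keys: dict, message: dict) -> dict:
    """Return {keeper_id: signature} for every key in `keys`."""
    return {kid: hmac.new(key, canonical(message), hashlib.sha256).hexdigest()
            for kid, key in keys.items()}


class Relay:
    """Destination-chain side of a bridge: verifies a keeper-signed message,
    then executes the call it describes."""

    THRESHOLD = 2  # 2-of-3 keepers must sign

    def __init__(self):
        self.keepers = dict(HONEST_KEEPERS)
        self.balances = {"alice": 100, "attacker": 0}
        # Privileged methods on the contract that stores bridge state.
        self.data_contract = {"set_keepers": self._set_keepers}
        # Methods on the asset lock proxy, the intended target of messages.
        self.lock_proxy = {"unlock": self._unlock}

    def _set_keepers(self, keepers: dict) -> list:
        self.keepers = {kid: bytes.fromhex(k) for kid, k in keepers.items()}
        return sorted(self.keepers)

    def _unlock(self, to: str, amount: int) -> int:
        self.balances[to] = self.balances.get(to, 0) + amount
        return self.balances[to]

    def verify(self, message: dict, signatures: dict) -> bool:
        payload = canonical(message)
        valid = 0
        for kid, sig in signatures.items():
            key = self.keepers.get(kid)
            if key is None:
                continue  # signer is not a current keeper
            expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
            if hmac.compare_digest(expected, sig):
                valid += 1
        return valid >= self.THRESHOLD

    def execute_vulnerable(self, message: dict, signatures: dict):
        if not self.verify(message, signatures):
            raise PermissionError("insufficient keeper signatures")
        # Flaw: the signature check is sound, but any registered method is
        # reachable afterwards, including the one that rewrites the keeper
        # set that the check itself relies on.
        targets = {**self.data_contract, **self.lock_proxy}
        return targets[message["method"]](**message["args"])

    def execute_hardened(self, message: dict, signatures: dict):
        if not self.verify(message, signatures):
            raise PermissionError("insufficient keeper signatures")
        # Fix: a relayed message may only reach the lock proxy. Keeper
        # rotation must go through a separate governance path.
        if message["method"] not in self.lock_proxy:
            raise PermissionError("target not allowed for cross-chain messages")
        return self.lock_proxy[message["method"]](**message["args"])


def run(execute_name: str) -> dict:
    """Replay the two-step attack against one execute path and report state."""
    relay = Relay()
    execute = getattr(relay, execute_name)
    rotate = {"method": "set_keepers",
              "args": {"keepers": {kid: key.hex() for kid, key in ATTACKER_KEYS.items()}}}
    drain = {"method": "unlock", "args": {"to": "attacker", "amount": 100}}
    blocked = None
    try:
        # Honest keepers attest that the event was emitted on the source
        # chain; in this model they do not vet what it asks the relay to do.
        execute(rotate, sign(HONEST_KEEPERS, rotate))
        # Second message is signed with the keys the attacker just installed.
        execute(drain, sign(ATTACKER_KEYS, drain))
    except PermissionError as exc:
        blocked = str(exc)
    return {"blocked": blocked, "keepers": sorted(relay.keepers),
            "attacker_balance": relay.balances["attacker"]}


if __name__ == "__main__":
    print("vulnerable:", run("execute_vulnerable"))
    print("hardened:  ", run("execute_hardened"))
```

Against the vulnerable path the first crafted message is validly signed, so it passes verification and replaces the keeper set; the second message, signed with the attacker’s own keys, then passes the same check and drains the vault. The hardened path accepts exactly the same signatures but refuses to route a relayed message anywhere except the lock proxy, so the keeper set is never touched. The point for a penetration tester is to check what a validly signed message is allowed to reach, not only whether the signature check is correct.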

Poly Network reacted quickly, sharing news of the attack on Twitter together with an open letter to “urge the hackers to return the assets.” They followed up with a request that miners of the affected blockchains blacklist tokens coming from the attacker’s Ethereum, Binance Smart Chain and Polygon addresses.

The motivation for an attack of this scale remains unclear. At the time of writing the attacker has returned $260m of the stolen funds, and Poly Network continues to update the cryptocurrency community on its Twitter page.

What do we think at CSA?

As an end-user or a cryptocurrency trader, we recommend researching thoroughly the organisations that hold your currency. It is important to understand their stance on cyber security, for example whether they publish independent security audits and how they respond to reported flaws, because protecting yourself from this type of attack is otherwise out of your hands as an end-user. The issue exploited was a flaw in the platform’s own system, not something you could have monitored.

If you hold an administrative position within a crypto trading platform, CSA advises that regular penetration testing and code review are performed on the platform. Testing does not guarantee that every flaw is found, but it gives you the chance to identify vulnerabilities before cybercriminals spot an opportunity to exploit them.

It goes without saying that attacks on the scale of the Poly Network hack generate a great deal of publicity. That publicity highlights weaknesses within the cryptocurrency community and a lack of focus on security in the platforms used to trade. In this instance Poly Network was lucky that the attacker showed some remorse, or had a motive other than pure greed, and returned some of the funds.

The attacker’s identity remains a mystery, though we would be surprised if Poly Network has not already started to look at people within its inner circle who have the skills or knowledge to pull off this kind of attack. It would be wise for Poly Network to rule out the possibility of an insider threat, not only to protect themselves and their users from a future attack, but to preserve the integrity of their team.

It is yet to be seen whether the attacker has another trick up their sleeve or whether this marks the end of the biggest crypto heist we have seen to date. However events are perceived now or in future, this should be a learning experience for everyone involved in cryptocurrency security.

This attack could just as easily have been carried out by someone unwilling to return any of the stolen assets, causing far more damage to the cryptocurrency community than a bruised ego and a dented reputation for Poly Network.

A full technical report on how the threat actor was believed to conduct these actions can be found here.

To find out more about these services, our E-learning courses, and how we can help your business stay secure, get in touch!


Head Office Unit 11, Wheatstone Court, Waterwells Business Park, GL2 2AQ
©2022 Cyber Security Associates. All Rights Reserved.