August 10, 2021
Early this morning, just days after the one-year anniversary of the release of version 1.0, the Poly Network announced that it was the victim of a massive hack. The Poly Network is a cross-chain decentralized finance (DeFi) platform launched by the founder of blockchain project Neo. Today's attack drained around $600 million in various crypto assets on the Ethereum (ETH), Binance Smart Chain (BSC), and Polygon blockchains.
TRM is monitoring and reporting the movement of funds in real time. Here's what we're seeing:
- The Poly Network hacker appears to be actively communicating through on-chain transactions with tipsters. An unknown individual using the ENS domain hanashiro.eth embedded the warning, "DONT USE YOUR USDT TOKEN YOU VE GOT BLACKLISTED" in a transaction with the hacker. In return, the Poly Network hacker sent hanashiro.eth 13.37 - worth over $42,000. The attacker's address was flooded with additional tips soon thereafter.
- The hacker has moved quickly to exchange stolen USDC. Within hours of the hack, over $96 million worth of USDC on ETH was swapped for DAI at a decentralized exchange (DEX). Similarly, nearly $120 million worth of USDC on BSC and BNB have been deposited with a fork of the same DEX operating on the Binance Smart Chain.
- Almost 24 hours before the thefts occurred, the hacker's Ethereum address - 0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963 - received 0.47 ETH from an East Asian exchange. Similar small deposits were made at roughly the same time to the hacker's BSC address. The purpose of these transactions is unclear.
Update (Wednesday, August 11 - 9pm ET): The attacker started returning the stolen crypto assets and as of Wednesday had returned $256 million in assets stolen in the attack. The Poly.Network updated its official Twitter page with a message confirming the attacker had returned roughly $260 million. The breakdown included $256 million in BSC, $3.3 million in ETH, and $1 million in Polygon. According to Poly.Network, the outstanding funds lost include $269 million on ETH and $84 million on Polygon. The motive for the attack and the return of the funds is a source of debate across the crypto community.
With TRM's multi-asset coverage across ETH and BSC, our clients can trace the flow of attacker funds in one central location as swaps are executed. TRM has notified our clients of the attack and how it may impact their networks. For further information on how these updates may affect your platform as a TRM partner, or for more information about TRM, please contact us directly via firstname.lastname@example.org.