Insights
August 10, 2021

TRM Tracks the Poly Network Hack as Attacker Communicates in Real Time

TRM InsightsInsights
TRM Tracks the Poly Network Hack as Attacker Communicates in Real Time

Early this morning, just days after the one-year anniversary of the release of version 1.0, the Poly Network announced that it was the victim of a massive hack. The Poly Network is a cross-chain decentralized finance (DeFi) platform launched by the founder of blockchain project Neo. Today's attack drained around $600 million in various crypto assets on the Ethereum (ETH), Binance Smart Chain (BSC), and Polygon blockchains.

TRM is monitoring and reporting the movement of funds in real time. Here's what we're seeing:

- The Poly Network hacker appears to be actively communicating through on-chain transactions with tipsters. An unknown individual using the ENS domain hanashiro.eth embedded the warning, "DONT USE YOUR USDT TOKEN YOU VE GOT BLACKLISTED" in a transaction with the hacker. In return, the Poly Network hacker sent hanashiro.eth 13.37 - worth over $42,000. The attacker's address was flooded with additional tips soon thereafter.

- The hacker has moved quickly to exchange stolen USDC. Within hours of the hack, over $96 million worth of USDC on ETH was swapped for DAI at a decentralized exchange (DEX). Similarly, nearly $120 million worth of USDC on BSC and BNB have been deposited with a fork of the same DEX operating on the Binance Smart Chain.

ETH funds movements
BSC funds movements

- Almost 24 hours before the thefts occurred, the hacker's Ethereum address - 0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963 - received 0.47 ETH from an East Asian Exchange. Similar small deposits were made at roughly the same time to the hacker's BSC address. The purpose of these transactions is unclear.

Update (Wednesday, August 11 - 9pm ET): The attacker started returning the stolen crypto assets and as of Wednesday had returned $256 million in assets stolen in the attack. The Poly.Network updated its official twitter page with a message confirming the attacker had returned roughly $260 million. The breakdown included $256 million in BSC, $3.3 million in ETH, and $1 million in Polygon. According to Poly.Network, the outstanding funds lost includes $269 million on ETH and $84 million on Polygon. The motive for the attack and the return of the funds is a source of debate across the crypto community.

With TRM's multi-asset coverage across ETH and BSC, our clients can trace the flow of attacker funds in one central location as swaps are executed. TRM has notified our clients of the attack and how it may impact their networks. For further information on how these updates may affect your platform as a TRM partner, or for more information about TRM, please contact us directly via contact@trmlabs.com.

This is some text inside of a div block.
TRM Labs, Inc.
Subscribe and stay up to date with our insights
arrow right
July 28, 2021

OFAC Sanctions Syrian-Based Terrorist Financier and Associated Bitcoin Address

arrow right
May 14, 2021

Digging into the Darkside Ransomware Payment

arrow right
July 26, 2021

The Wiseling Recap: Anatomy of a $45 Million Crypto Scam

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.