The attacker managed to transfer funds from several blockchains connected by a blockchain agnostic trading pool, O3 Swap. Created by Poly Network and O3 Labs, the platform allows users to interact with Ethereum, Binance Smart Chain (BSC), Polygon, and others.
Using an exploit, the hacker took control of $273 million on Ethereum, $253 million on BSC, and $85 million on Polygon. In total, the attacker took over $600 million. However, the Poly Network team reached out to establish a communication channel.— Poly Network (@PolyNetwork2)Data provided by Poly Network claims that they have received around $4 million from the addresses used by the bad actor. In reply, the team told the hacker that things “are moving to the right direction”.
So far, we have received a total value of $4,772,297.675 assets returned by the hacker.In the meantime, the Poly hacker took some time to do a Questions & Answers (Q&A) session via messages embedded in ETH transactions. Founder of Primitive Crypto Dovey Wan the answers via her Twitter account in an attempt to shed light on the mastermind behind one of DeFi’s worst exploits also know in certain community circles as “Etherhood”. Speaking on the main reason to conduct hacking operations, the bad actor simply replied, “for fun”. Specifically, “Etherhood” decided to go after Poly because “cross-chain hacking is hot”, but added that the decision to conduct the operation was not taken lightly.ETH address: $2,654,946.051
— Poly Network (@PolyNetwork2)
BSC address: $1,107,870.815
Polygon address: $1,009,480.809
WHEN SPOTTING THE BUG, I HAD A MIXED FEELING. ASK YOURSELF WHAT TO DO HAD YOU FACING SO MUCH FORTUNE. ASKING THE PROJECT TEAM POLITELY SO THAT THEY CAN FIX IT? ANYONE COULD BE THE TRAITOR GIVEN ONE BILLION! I CAN TRUST NOBODY! THE ONLY SOLUTION I CAN COME UP WITH IS SAVING IT IN A _TRUSTED_ ACCOUNT WHILE KEEPING MYSELF _ANONYMOUS_ AND _SAFE_.
Poly Hacker Trying To Save The World?
While details of the hack were still under investigation, Wan speculated on the possibility that the attack was conducted by insiders. Poly Network was a relatively unknown project before it was hacked. In that sense, she pointed out the extent of the DeFi ecosystem and its potential risks and rewards:
Not saying Poly Network is a scam as PlusToken, just saying the highly localized Chinese crypto community always have their own version to utilize the same blockchain infra, for good and for bad, most are unseen and lack of accessibility to westerners, with MASSIVE capital sink.The hacker himself denied being part of an inside job and claimed that the attack served as a way to uncover the vulnerability on the system before real “insiders exploit” it. Thus, he referred to the attack as one way of “saving the world” while adding the following:
I UNDERSTOOD THE RISK OF EXPOSING MYSELF EVEN IF I DON’T DO EVIL. SO I USED TEMPORARY EMAIL, IP OR _SO CALLED_ FINGERPRINT, WHICH WERE UNTRACABLE. I PREFER TO STAY IN THE DARK AND SAVE THE WORLD.Popular YouTuber and educator Michael Gu, founder of Boxmining, claimed to be a victim of the hack. Gu apparently lost a significant portion of his saving without any way of taking them back. Despite the hacker’s intention with the attack on Poly, this goes to show the other side of the coin. The one that goes beyond heroes and villains and focuses on those that truly lost something meaningful.
1) So I'm a victim of the hack – it can potentially be a significant amount of my ETH/ BTC/ USDC savings. I'm probably still in the denial phase. It seems at this point there isn't much I can do other than to sit on my hands. — Boxmining (@boxmining)
At the time of writing, ETH trades at $3,240 with a 4.7% profit in the daily chart.