Hackers take $600m in 'biggest' cryptocurrency theft

Updated: Poly Network has asked for 'hacked assets' to be returned by attackers - and it has apparently received millions back already.


A hacker has apparently exploited a vulnerability to steal $600 million from a blockchain finance platform in what could be one of the largest cryptocurrency thefts to date.

The makers of Poly Network, a "DeFi" or decentralized finance platform that works across blockchains, said on Tuesday that an attacker stole about $600 million in cryptocurrencies. 


The team behind Poly Network appealed to the hackers to "return the hacked assets". 

"The amount of money you hacked is the biggest one in defi history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. It is very unwise for you to do any further transactions. The money stole are from tens of thousands of crypto community members, hence the people. You should talk to us to work out a solution," the Poly Network team said.


Poly Network works across blockchains for Bitcoin, Ethereum, Neo, Ontology, Elrond, Zilliqa, Binance Smart Chain, Switcheo, and Huobi ECO Chain.

Poly Network listed three addresses the assets were transferred to. 

"We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses," the team pleaded. 

And it appears that at least a small amount of the funds has been returned. Poly Network posted on Twitter, "you are moving things to the right direction," and said that it had received more than $1m back.

A little later it posted again saying: "So far, we have received a total value of $4,772,297.675 assets returned by the hacker. ETH address: $2,654,946.051 BSC address: $1,107,870.815 Polygon address: $1,009,480.809."

According to Poly Network, "the hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumored."

Per Wall Street Journal's MarketWatch, the CTO of stablecoin company Tether, Paolo Ardoino, said the company froze $33 million of its tokens lost in the Poly Network attack. 

The hackers stole about $267m of Ether, $252m of Binance coins, and $85 million in USDC tokens. 


Changpeng Zhao "CZ", chief of the giant Binance crypto-exchange, said on Twitter that it was aware of the Poly Network attack and noted that there was not much the company could do about it. 

"While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can," he wrote.