- Poly Network marks the largest DeFi hack to date with $600 million involved.
- The hacker posted a message on Ethereum asking for a bounty of $500K.
- Existing security challenges now threaten DeFi’s goal to define the future of finance.
Despite its success, the crypto market has been a victim of many hacks over the years. This market hosts all sorts of stakeholders ranging from innovators, investors, and malicious players. The latter group is a nuisance, with the latest Cipher Trace report showing that crypto market hacks in the first half of 2021 totaled $681 million. Decentralized Finance (DeFi) took the largest hit, making up over 75% of the total hacks in crypto.
Following the latest hack on Poly Network, the figure will likely be much higher at the end of the year. Poly Network was compromised on August 10, marking the largest DeFi hack to date as the attackers siphoned close to $600 million.
Before this, another cross-chain protocol dubbed Thorchain had also been attacked twice. In the latest instance, the hackers managed to dent the protocol by about $8 million and even warned they could have gotten away with more funds.
The Largest Hack in DeFi
While there have been numerous hacks in DeFi, the Poly Network hack has caused waves amongst the crypto community. DeFi stakeholders, in particular, are more concerned than ever about the security robustness of existing protocols.
Poly Network’s hack is probably the hallmark of all DeFi hacks – a $600 million digital heist. According to security reports by Slowmist, the attackers drained the funds to three addresses. The report notes that the hacker’s original funds were in Monero (XMR), a privacy-oriented crypto asset, but were swapped for MATIC, ETH and BNB before the attack was executed.
Slowmist went on to highlight that the nature of the attack shows that it might have been well-coordinated,
Based on the flows of the funds and multiple fingerprint information, it is likely a long-planned, organized, and well-prepared attack.
However, in a twist of events, the hacker has said that they are willing to return half of the funds that were stolen. Could it be because they were not able to transfer the funds without being tracked? That is just one of the speculations.
Who is Playing Who?
The developments on the Polychain Hack have been quite interesting, although no one seems to make the hacker’s actual goal. Initially, they tried to transfer the stolen funds through an Ethereum address into the Curve.fi liquidity pool, but the transaction was rejected. However, close to $100 million was transferred from BSC into the Ellipsis Finance liquidity pool.
On the other hand, Tether moved to freeze about $33 million of the hack proceeds. As the hullabaloo continued, the hacker was alerted by one crypto user’ hanashiro’ that their address had been blacklisted, warning them not to use their USDT tokens. In return, the hacker tipped hanashiro $42K in ETH for the information.
Barely a day later, the hacker had changed tone and was willing to return some of the stolen crypto funds. A turn of events that has left the DeFi community with many questions. Did the hacker want to steal the funds? Was it an inside job?
According to the latest update from the hacker, it appears someone was just out to teach DeFi protocols a lesson. The hacker posted a message on the Ethereum blockchain on August 17, asking for a bounty of $500K to provide the private key needed to facilitate the complete return of the compromised funds,
Money means little to me, some people are paid to hack, I would rather pay for the fun. I will provide the final key when everyone is ready. My idea has not changed, but I do worry it might be an endless war. So I might release it earlier if the community understands everything.
While they may be genuine, it is also possible that moving the funds proved to be more complex than expected. Another angle could be that the hackers are staunch DeFi enthusiasts, which means that they understand that they could hurt the reputation of the entire crypto ecosystem. That said, stakeholders can only hope that everyone goes home happy.
Securing DeFi with Quantum Resistant Blockchains
All said and done; it is evident that DeFi needs to be made more secure. This is especially important given that quantum computing threatens the core architecture of most existing DeFi protocols. The debut of quantum computers will likely disrupt crypto algorithms that tout themselves as ‘unbreakable’ – current hacks will be a drop in the ocean.
Luckily, quantum-focused blockchain platforms are coming up to hedge for the security uncertainties. One of them is QANplatform, a quantum-resistant hybrid blockchain platform. Like Ethereum, QAN allows developers to build decentralized applications and DeFi protocols, offering a quantum-resistant environment as the cutting edge.
In addition, this hybrid blockchain platform features rapid 1-click deployments, which means that developers can have their apps running within minutes. Some of the programming languages developers can use to deploy smart contracts on QAN include Rust with the platform set to integrate support for C, C++ and TypeScript.
The DeFi market is one of the most active niches in crypto, with a total value locked of $78 billion as of press time. This nascent niche has risen the ranks over the past year, becoming a fundamental part of the futuristic financial market structure. At the core, DeFi eliminates middlemen such as bankers and investment firms who have long exploited their clients by giving minimal returns.
However, the existing security challenges now threaten DeFi’s goal to define the future of finance. With all the hacks happening, DeFi is less likely to gain mainstream adoption. This calls for action from all stakeholders in the crypto community. As the industry grows, quantum-resistant blockchains and other solutions will play an integral part in supporting the security of DeFi protocols.