Hackers Steal $600 Million in Likely Largest DeFi Crypto Theft
(Bloomberg) -- Hackers perpetrated what is likely the biggest theft ever in the world of decentralized finance, stealing about $600 million in cryptocurrency from a protocol known as PolyNetwork that lets users swap tokens across multiple blockchains.
It isn’t clear from the PolyNetwork website who runs the protocol, which governs transactions that run on the application. DeFi, or decentralized finance has surged in popularity in the past few years in the wake of a boom in the development of applications that let people trade, borrow and lend funds to each other without intermediaries.
Security researcher SlowMist said it has found the attacker’s email, IP address and device fingerprints, the team reported on Twitter. It added that “this is likely to be a long-planned, organized and prepared attack.” Crypto exchanges including Binance are involved in helping PolyNetwork, Binance Chief Executive Officer Changeng Zhao said on Twitter.
“The hacker has begun to use decentralized exchanges to convert the stolen assets into other assets, including stablecoins,” Tom Robinson, co-founder of Elliptic, said in an email. “Tokens such as stablecoins can in theory be seized by their issuers, which could lead to them being returned to their rightful owners. However this isn’t possible for the stolen Ether, although it may be possible to seize these funds if they are sent to a centralized exchange to be cashed-out.”
With DeFi apps attracting billions in investor funds, they’ve also become frequent targets of attacks. This year, DeFi-related hacks made up more than 60% of the total hack and theft volume of crypto attacks, up from 20% in 2020, according to crypto security company CipherTrace. At $156 million, the amount netted from DeFi-related hacks in the first five months of 2021 already surpasses the $129 million stolen in DeFi-related hacks throughout all of 2020, CipherTrace said.
About $80 billion is locked in DeFi applications, making them an attractive target, according to tracker DeFi Pulse.
©2021 Bloomberg L.P.