Hackers pulled off the biggest ever cryptocurrency heist on Tuesday, stealing $613 million (roughly Rs. 4,550 crores) in digital coins from token-swapping platform Poly Network, only to return $342 million (roughly Rs. 2,540 crores) worth of tokens less than 24 hours later, the company said. Here's what we know so far about the heist.
Who is Poly Network?
Poly is a token-swapping platform designed for smart contracts on the Ethereum network. It was created to help companies that use tokens for financial purposes connect with each other, bypassing traditional infrastructure. It raised $130 million (roughly Rs. 7,850 crores) from its token sale in November, in what was the largest initial coin offering (ICO) of 2018. What exactly happened? On Tuesday evening, a hacker got into the Poly Network's Ethereum-based trading platform and replaced all tokens with phony ones, according to Poly's CEO and co-founder Simon Yu.
What happened on September 7, 2018?
It started at 4 am ET, when at least one hacker targeted Poly Network's website, using it to acquire 29,108 tokens. It is unclear if the exchange then sold them through a separate wallet. Poly Network's platform allows traders to swap ERC-20 tokens for Bitcoin through the use of smart contracts. However, the hacker also acquired tokens on Poly Network's platform, prompting the platform's moderators to block any new trade. This is why the value of Poly Network's total token reserves plummeted from $614 million to $233 million. When did Poly Network first discover the hack? Poly Network discovered the hack around 2:10 pm ET on Tuesday. The company informed its customers via email around 4:50 pm, according to the Associated Press.
The $613 million heist in digital tokens
In a Twitter post on Tuesday evening, Poly Network said that it had suffered a "large scale" hack that led to the theft of digital tokens worth $613 million. The company said the attack was led by a number of distributed denial-of-service (DDoS) attacks that it had suffered. Poly Network said it believes hackers gained access to its private keys and passwords that were used to access its cryptocurrency wallet and transfer the tokens. Poly Network later said that the keys and passwords were protected using strong cryptography, and did not use the same method as a previous hack. Tidex, a trading platform for digital tokens, was reportedly also attacked by hackers, as was the platform Ethereum of exchange platform Waves.
Who are the hackers?
Poly Network, which has offices in Mexico and Hong Kong, did not name the hackers, though in an emailed statement it said they gained control of its official cryptocurrency wallet and took 2.4 billion digital tokens. In total, the hackers were able to swipe about $82 million worth of tokens, according to Poly Network. Why were the tokens returned? Poly Network said it discovered the hack on Tuesday and within hours had returned the hacked tokens to the wallets that were vulnerable to attack. The company says it's working with law enforcement on the matter. On Wednesday morning, Poly Network released the names and contact details of six people it said were involved in the attack, including two whose public LinkedIn profiles describe them as chief executives.
What is a token swap platform?
Poly Network offered digital coins like Bitcoin (BTC) on its platform, where holders can trade one token for another. This platform was different from exchanges, which sell tokens or tokens on the exchange. This platform allowed tokens to be swapped among other holders in a private, secure and encrypted manner. What exactly happened? The unknown hacker, who hails from an unnamed country, took over Poly's main account and transferred all the funds out of the company's wallet to an external address. Though he returned back only $342 million (roughly Rs. 2,540 crores) after the exchange took some measures to freeze the users' wallets. The other $400 million (roughly Rs. 3,540 crores) of the stolen tokens are still in the lost wallet. How much was stolen?
How does cryptocurrency work?
Cryptocurrency works by providing users with a secure method of transferring money online. Users with digital coins such as Bitcoin can exchange these virtual currencies for real-world assets like property or equity in companies. A token is the digital equivalent of a token on a real-world exchange, a digital representation of something real, like Bitcoin. What happened to Poly Network users' tokens? On Tuesday, approximately 80 million Poly Network tokens were stolen from the trading platform, according to an initial news report from Poly Network on Tuesday. The cyber heist occurred after the attackers stole "many millions" of user tokens and subsequently disappeared with the remaining tokens, the company said.
In January, hackers stole almost $1 billion (roughly Rs. 6,547 crores) in bitcoin from another token-swapping platform. With Tuesday's heist, Poly has become the biggest crypto heist yet. All that's left is to know how the thieves pulled off the heist.