August 2021 became one of the most shocking milestones in cryptocurrency history. During this period, hackers attacked the Poly Network platform, stealing cryptocurrencies worth over $610 million. This was one of the largest cyberattacks in the #DeFi (decentralized finance) industry. However, this story turned out to be not only about theft but also about unexpected twists—from negotiations with hackers to the return of funds.
This article will detail the events leading to the attack, its consequences for the industry, and the lessons learned by market participants.
What is Poly Network?
Poly Network is an inter-network protocol created for interaction between different blockchains, such as Ethereum, Binance Smart Chain, and Polygon. Its main goal is to provide users with the ability to transfer assets between different networks quickly, securely, and without the need for centralized exchanges.
With the rise in popularity of DeFi in 2021, Poly Network took an important place in the market, becoming a key tool for developers and investors. However, the high complexity and innovativeness of DeFi protocols are always accompanied by risks related to security.
Timeline of events
August 10, 2021: Attack
Beginning of the attack. On the morning of August 10, hackers exploited a vulnerability in the smart contracts of Poly Network. Within a few hours, they transferred cryptocurrency worth $610 million to their wallets.
Main assets:
The scale of shock. News of the attack spread instantly around the world. Poly Network published an open letter addressed to the hackers, demanding the return of the stolen funds and threatening legal action.
Negotiations with hackers
August 11, 2021. The hackers began returning part of the funds, explaining their actions in comments to the transactions. They claimed that the attack was a "white experiment" aimed at identifying vulnerabilities in the platform.
Messages from hackers. In their "confession," the attackers stated that their goal was to protect funds from other potential hackers who might exploit the same vulnerability.
Response from Poly Network. The project team engaged in dialogue with the hackers, calling them "Mr. White Hat." During the negotiations, Poly Network offered the hackers a role as security consultants and even a reward for identifying the vulnerability.
Refunds
August 12-13, 2021. The hackers began returning assets. By August 13, $342 million had been returned, while the remaining funds were temporarily frozen while the parties negotiated the terms.
August 18, 2021. All stolen funds, except for $33 million in USDT (frozen Tether), were returned.
Results of the attack
Full recovery of funds. Despite the scale of the attack, Poly Network users did not lose their assets.
Public statement from the hackers. In their final comment, the attackers expressed satisfaction that their "experiment" led to increased security.
How did the attack happen?
Technical side
The attack was made possible due to a vulnerability in the code of the smart contracts managing inter-network transactions. The hackers were able to change contract parameters by spoofing calls to the function that controlled the transfer of assets between blockchains.
The main mistake was the insufficient verification of data when calling functions, which allowed the attackers to substitute key variables and effectively become the owners of the assets.
Why didn't Poly Network prevent the attack?
Complexity of architecture. Inter-network protocols require complex solutions that create numerous points of vulnerability.
Insufficient testing. Poly Network's smart contracts did not undergo full audit testing, which allowed hackers to discover and exploit the vulnerability.
Lack of multi-layered protection. The transaction confirmation process was not adequately secured.
Consequences for the cryptocurrency market
Response to the attack
Temporary panic. Immediately after the incident, prices of some cryptocurrencies began to fall, and DeFi users started withdrawing funds from projects.
Increased attention to security. After the incident, major projects began to pay more attention to audits of smart contracts.
Impact on DeFi reputation
Despite the fact that Poly Network recovered the funds, the incident undermined trust in DeFi protocols. Users became more cautious in choosing platforms for investment.
Further steps for Poly Network
Poly Network conducted a security audit and updated its smart contracts. A multi-layer testing process was also implemented to avoid the recurrence of similar attacks.
Analysis of causes
Errors in the code. A vulnerability in the code was the main reason for the attack.
Lack of audits. Poly Network did not pay due attention to testing its protocols.
Absence of security standards. In 2021, the DeFi industry was still in its infancy, and many projects underestimated the importance of protection.
Lessons for the industry
Importance of audits. Major projects should undergo independent security audits regularly.
The role of hackers in the development of the ecosystem. Although the actions of the attackers break the law, they reveal weaknesses, helping the industry to become stronger.
Transparency and communication. Poly Network showed that open dialogue with the community can minimize damage to reputation.
The attack on Poly Network served as a reminder that even the most innovative projects are vulnerable to complex challenges. The incident highlighted the need for continuous improvement of security and interaction among market participants.
However, it is important to note that thanks to the prompt actions of the team and the unusual behavior of the hackers, the DeFi market was able to avoid a massive crisis. This case became a starting point for the creation of new security standards.
