Poly Network, which links some of the world’s most widely used digital ledgers, said on Tuesday that attackers exploited a vulnerability in its system and took thousands of crypto tokens. The attack is said to be one of the largest to date against a crypto firm, on par with major breaches including those from the Coincheck and Mt Gox exchanges.
The alleged hack is a blow to supporters of decentralized finance, or DeFi, which has been one of the fastest growing areas of the cryptocurrency market. It also highlights the lack of consumer and investor protection in a market that has exploded in recent years with only slight oversight from financial regulators.
Poly Network has developed a computer protocol, or set of rules, that allows users to transfer tokens tied to a blockchain to a different network. Many of the world’s most widely used blockchains, such as Binance Chain and ethereum, have grown independently and their coins, offered as an incentive to users, run on separate technologies.
However, this does mean that investors cannot easily move their tokens to another blockchain, to exchange them or use them as collateral for another investment.
Advocates are trying to create networks that allow users to buy and sell digital assets directly with each other, bypassing middlemen who might charge fees, such as a stock exchange or clearinghouse. Many projects aim to be fully decentralized.
The alleged hacker exploited a vulnerability in Poly Network’s “contract calls”, a type of test that is not intended to be released to the blockchain, to access ledgers and transfer money, said the network.
The tokens were valued at around $ 600 million before the alleged hack was announced, with more than $ 270 million on the ethereum blockchain, $ 250 million on the Binance smart chain and $ 84 million on the Polygon network, according to wallet addresses published by Poly. Network on Twitter.
Etherscan said the hacker took altcoins such as Binance Coin and Ether, as well as dozens of smaller tokens including Shiba Inu, Matic and Uniswap. The dollar value of stolen coins fell to $ 394 million as word spread and investors sold cryptocurrencies, causing token prices to plummet.
Poly Network has used groups called “miners” – who process transactions – and centralized crypto exchanges to help block transfers. “We will take legal action and urge the hackers to return the assets,” he said.
For the latest fintech news and opinions from FT’s correspondent network around the world, sign up for our weekly newsletter #fintechFT
Register here in one click
Changpeng Zhao, chief executive of Binance, said his company was aware of the incident. He said that while “no one controls” Binance’s blockchain, the group “was coordinating with all of our security partners to proactively help. There is no guarantee. We will do whatever we can. “
Paolo Ardoino, chief technical officer of stablecoin firm Tether, said the group has frozen around $ 33 million of its tokens, which are on the Poly network. A substantial proportion was also in USD Coin, operated by the payment services company Circle, according to Etherscan. Circle did not immediately respond to a request for comment.
Earlier this month, Gary Gensler, chairman of the Securities and Exchange Commission, the U.S. market regulator, called on lawmakers to give watchdogs more powers to protect investors from illicit activity on DeFi platforms.