The hack of Poly Network that pilfered over $600 million is the largest DeFi theft ever. While Poly Network reports having retrieved some of the crypto, hundreds of millions in digital assets have yet to be returned.
$260 million (As of 11 Aug 04:18:39 PM +UTC) of assets had been returned:
The remainings are $269M on Ethereum, $84M on Polygon
— Poly Network (@PolyNetwork2) August 11, 2021
Crowdfund Insider has received several comments regarding the breach.
Michal Bartczak, co-founder and CTO of Coinswap Space, says exploit attempts are an unfortunate inevitability of a new, innovative market.
“Contracts holding huge amounts of funds will always be the target of a network of hackers that is spread across the globe. The issue that faces us is how to effectively protect the market and investors in these.
It seems like it’s still too early to ascertain the exact cause of the security breach with both the leak of a private key and a potential bug in Poly’s signing process being proposed as explanations.
However, Poly Network has now joined Thorchain and Rari Capital in being a cross-chain protocol that has recently been the victim of such an attack. Unlike the main coding utilized by UniSwap, PancakeSwap, and even CoinSwap Space, which has never been hacked, cross-chain protocols must develop using new code. It is very difficult to simulate a global network of hackers trying to exploit a protocol, so new code is very often vulnerable to an attack. Obviously, the security afforded by the DeFi swaps is not yet present in cross-chain protocols. With many different alt-coins rising to prominence in the DeFi market, it seems likely that the future of DeFi will be multichain. The problems presented by these attacks are doing direct damage to DeFi users’ faith in this future.
Bartczak adds that the sheer amount of money alone will, of course, shake many investors’ confidence, both in DeFi and across the crypto sphere.
However, DeFi is still young. It is vital that we as a community are able to take events such as these as a lesson. We have to learn from this and ensure that blockchain protocols are properly audited in terms of smart contract security and in terms of how teams’ operating procedures might present the possibility of human error exposing investor funds. These steps will increase investor faith across DeFi and particularly in protocols designed to be multi-chain.
One other thing that’s worth noting about the attack is how remarkable it is that the hackers seem to have been identified so quickly. The security firm SlowMist announced that they were able to identify the attackers’ mailbox, IP, and device fingerprints and that the attackers have started returning the funds.
The ability to chase down the hackers is definitely a product of institutions and larger investors entering the crypto sphere. The days of crypto being something of a wild west for people to move capital around are coming to an end. Being able to track down thefts like this brings a legitimacy to crypto that is only going to make it more attractive to institutions.
This is a significant moment for the cryptocurrency market, especially for cross-chain platforms. It is a test that will examine to what extent we are able to monitor the market and make it difficult to launder stolen funds. It is vital that the market is able to strike a balance with decentralization and the anonymity of the cryptocurrency market, on one hand, and protection of investors, without whom we will not build a solid market, on the other.”
Liti Capital CIO David Kay gave a bit of a compliment to the perpetrators, saying the attack displayed the ingenuity of the hackers and the need for the blockchain community to adopt stricter audit rules for their protocols.
“Cyber security needs to be a full inclusive process which safeguards not only protocols but also the assets of the investors. Without an intense focus on continuing to better our protocols, incidents like this are bound to happen again, which ultimately will reduce the overall credibility of the blockchain industry.”
Kay sees this event as another reminder of the scourge of scammers that populate the industry:
“It’s long past time for the community to stand up and start to organize to fight back against the uncertainty that these attacks create. In order to continue to grow, we need to be able to hold at least a portion of these people accountable. And we are starting.”
While the news that the funds are trickling back is encouraging, exploits and thefts like this are not just bad for the impacted holders but for the industry in general as it strives for greater acceptance and not more regulatory scrutiny.