‘Mr. White Hat’: Why the Poly Network Hack Taught DeFi an Expensive Lesson Moving Forward

Last week, a decentralized finance (DeFi) platform called Poly Network fell victim to the largest crypto heist to date, with hackers making off with more than $600 million worth of crypto. 

Ironically, the company was able to receive most of the stolen funds back from the hacker, after pleading with them to return the funds in exchange for a bounty. 

An individual claiming to be the hacker responded to Poly Network’s public message, saying that the purpose of the attack was “for fun.”

Launched in August 2020, Poly Network is a DeFi platform that connects different blockchains, allowing users to transfer or swap tokens across different networks through facilitated peer-to-peer (P2P) transactions. For example, a user could come into Poly Network to transfer tokens such as Bitcoin from the Ethereum blockchain to the Binance Smart Chain.

For those new to the world of decentralized finance and digital assets, a “blockchain” is a digital ledger of transactions that’s maintained by a distributed network of computers, rather than a centralized authority which we have been accustomed to since the birth of the Internet. 

So, how did it happen? The hacker allegedly exploited a flaw in Poly Network’s digital contracts code to steal the funds, making off with more than $610 million worth of crypto in the attack. 

Currently, Poly Network operates on the Binance Smart Chain, Ethereum, and Polygon blockchains. Tokens are swapped between the blockchains by means of a smart contract, a coded set of instructions on when to release the assets to the counterparties.

The attack targeted one of the platform’s smart contracts, which is used to transfer tokens between blockchains and maintains large amounts of liquidity to allow users to efficiently swap tokens. In a tweet, Poly Network said it believed that there was a vulnerability in that smart contract, which allowed the hacker(s) to make off with the money.

One Ethereum programmer believes that the hackers overrode the contract instructions for each of the three blockchains and diverted the funds to three wallet addresses, or digital locations for storing these tokens.

Most unusual was the hacker’s response, returning nearly half of the crypto the following day, according to Poly Network. But why?

In a White Hat World…

Believe it or not, not all hackers are inherently bad. In an age of reducing the spread of misinformation, it’s important to first characterize cyber attacks based on the motives behind them. In the world of cybersecurity, there are three types of hackers. 

Let’s explore each one, according to Norton Security:

Black Hatter

When we learn about cybersecurity incidents, we often hear about these attacks categorized as “black hat” attacks. 

The primary motivation of a black hatter is to exploit vulnerabilities for personal or financial gain. Cyber espionage, protest, or the mere thrill of exposing a system often come into play in black hat attacks. The end goal is to steal data, as well as to modify and/or destroy it.

There is no requisite experience level, but most who attempt are often pretty well-versed with hacking into computer networks and bypassing security protocols. 

Grey Hatter

Grey hat hackers demonstrate characteristics of both a black hatter and white hatter. Usually these types of hackers are not inherently malicious, but are just looking to get some type of compensation for their discoveries. 

The goal behind these attacks is not to exploit the found vulnerabilities, but to be rewarded for finding the issues, and to be compensated for fixing those issues. In the event the hacker is not paid for their “work,” they sometimes may post that newly found exploit online for the community to see. You can see the “grey line” here, all pun intended.

The reason this behavior is still considered to be illegal and subject to the Computer Fraud and Abuse Act (CFAA), a federal U.S. statute that governs unauthorized access to computers and networks, is because the attack is done without permission from the owner prior to attempting to attack the system. 

White Hatter

Like the angels they are, white hat hackers choose to hack “ethically.” Usually, these hackers are paid employees or contractors working for companies or governments who are attempting to find security holes.

The main difference between a white hat hacker and a black hat hacker is permission. Both use the same methods to hack, but one does so with permission from the owner of the system first, making the conduct legal. Ethical hacking also has online courses, training, conferences, and certifications, adding to its legitimacy. 

In this case, it’s hard not to argue that the hacker here would be characterized as either a “gray hatter” or “white hatter.” Poly Network referred to the hacker(s) as “Mr. White Hat,” who, in this case, seemed to act as an ethical hacker whose only concern is to expose vulnerabilities so they can be fixed later on. 

In his response, the person allegedly behind the attack gave his reason for returning the funds:

“That’s always the plan! I am not very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?”

According to Tom Robinson, chief scientist at Elliptic, a blockchain analytics firm, that response was written by the hacker behind the attack. He told CNBC that his firm was able to trace those messages back to transactions sent from the hacker’s account.

“Only the holder of the stolen assets could have sent them,” Robinson told CNBC. However, CNBC was unable to independently verify the authenticity of the message, as well as identify the hacker(s), despite SlowMist researchers stating they tracked down information on the attacker’s IP address and email address.

SlowMist, a cryptocurrency security firm, posted to its website last week that it had in fact identified the attacker’s mailbox, IP address, and device fingerprints. As of the date of this article, the company has not yet named any individuals, but believed the attack to be a “…long-planned, organized and prepared attack.”

It isn’t very often that we have empathetic hackers who hack to “teach” a lesson, but what we have here is that rare instance where an individual or group of individuals wanted to show a valuable lesson to a company like Poly Network, which, despite its claims of encryption and security for its ecosystem of investors, has security vulnerabilities that clearly put investors at risk.

Bottom Line

While this may have been a rare instance, these types of attacks are necessary and instrumental to helping push DeFi into the next stages of mass adoption and trust. 

What Poly Network does next, however, will be interesting: whether it will make the decision to pursue the hacker and, of course, levy any penalties against them. In my opinion, why not bring them on and have them better strengthen the ecosystem that is in play for investors and consumers across the world?

Article by Andrew Rossow

Andrew Rossow is a Legal Contributor at Lawrina. He is a practicing attorney, adjunct law professor, writer, and speaker on cybersecurity, digital monies, and privacy. Utilizing his millennial upbringing, Rossow provides a well-rounded perspective on legal and technology implications Bitcoin brings to the world of consumer finance. His work has been featured on Bloomberg News, Cheddar, CoinTelegraph, Law360, and numerous others. You can follow him on Twitter at @RossowEsq or visit his website AR Media Consulting.
