Dubai, UAE, 12th July 2024, In the 15-year history of the cryptocurrency sector, many corrupt individuals have tried to find and exploit vulnerabilities in exchanges, bridges, and other platforms. The outcome is some of the most infamous hacks in the industry’s past. Let’s analyze a few more recent incidents and determine what valuable lessons the crypto community can learn from them.
Poly Network
The exploit of the Poly Network, a cross-chain interoperability protocol, took place in August 2021. It led to the theft of $610 million, marking one of the most daring cyber attacks in the cryptocurrency space.
After locating vulnerabilities in Poly Network’s smart contracts, an attacker found a way to access multiple wallets and successfully freed them from assets, transferring them to three wallets on various networks. Having discovered a leak of funds, the Poly team asked exchanges and miners to monitor the stolen tokens’ movements and appealed for the hacker’s transactions to be halted. Tether took action by freezing $33 million worth of USDT. In a public message on Twitter, the Poly team expressed their desire to initiate a dialogue with the hackers and encouraged them to return the stolen tokens. Less than 24 hours later, an unidentified individual (proclaiming to be the hacker) voiced willingness to return the funds. The identity of this hacker remains unknown.
Gradually, after days of a back-and-forth with the attacker, the Poly team announced the total return of stolen assets. While few believed that the hacker wanted to showcase vulnerabilities in such a big and trusted platform as Poly Network, the majority of the public was confident that the hacker gave back the funds only because it was difficult to launder and cash out the money due to the public record of the coins on the blockchain and the overall community’s outrage. Interestingly, at a certain point, the hacker was offered a $500,000 “bug bounty” and the company’s chief security advisor role but decided to decline.
Following the breach, the special bounty program was still initiated, aspiring to encourage researchers to find and responsibly disclose any other vulnerabilities in its software. However, this measure proved inadequate as, regrettably, this was not the last security breach for Poly Network. In the summer of 2023, it fell victim to another significant hack, with the intruder finding one more flaw in the project’s smart contracts. They minted multiple tokens estimated to be worth $43 billion but, fortunately, could only withdraw approximately $10 million due to limited liquidity. Those two breaches underscored the significance of conducting comprehensive code audits again, particularly for large-scale and high-profile projects like Poly Network.
Multichain
Multichain’s exploit is another of the most notorious hacking incidents in recent memory, resulting in the platform’s rapid decline and shutdown. On July 7, 2023, a cross-chain interoperability protocol Multichain lost $126 million, with the majority of funds, approximately $120 million, taken from the Fantom bridge. The details of how the hack occurred still have not been disclosed.
The criminal took advantage of the system and stole various assets, including wrapped Ether, wrapped Bitcoin, and USDC. They also targeted the Dogecoin bridge, taking $666,000 and causing an 85% decrease in total deposits. Finally, the Moon River bridge lost $6.8 million, including USDC and Tether, to this theft. Unfortunately, the MPC node servers were being used under Multichain’s CEO Zhaojun’s cloud server account, thus making logging in impossible for other team members. The Multichain team ceased operations one week after experiencing a hack, as they could not access the platform and assess the situation more thoroughly.
A year has passed, and the situation has not become clearer. Users are still facing difficulties in obtaining information or reaching their assets. This breach served as a reminder to the community that even widely used and reliable projects can have underlying security issues, neglect basic safety rules, and even lie about the practices present within the project.
Conclusion
The digital currency sector has faced multiple high-profile cyber assaults that have influenced the cryptocurrency market immensely, harming people’s belief in the security of crypto products and the overall potential of the industry. However, they have also motivated crypto projects to examine their safety measures, implement more efficient approaches, and create new, more sophisticated ways to shield against future threats.
Kinetex Network: Website | Kinetex dApp | Blog
Comments