Poly Network Validation Error: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/polynetworkvalidationerror.php}} thumb|Poly NetworkThe Poly Network allows different smart chains to interact with one another securely. However, it contained a vulnerability which allowed funds to be removed. A hacker exploited the vulnerability, messed up their transactions such that their identity became known, and then proceeded to return the funds in exchange for a $5...")
 
No edit summary
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/polynetworkvalidationerror.php}}
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/polynetworkvalidationerror.php}}
{{Unattributed Sources}}


[[File:Polynetwork.jpg|thumb|Poly Network]]The Poly Network allows different smart chains to interact with one another securely. However, it contained a vulnerability which allowed funds to be removed. A hacker exploited the vulnerability, messed up their transactions such that their identity became known, and then proceeded to return the funds in exchange for a $500k bounty and legal immunity.
[[File:Polynetwork.jpg|thumb|Poly Network]]The Poly Network allows different smart chains to interact with one another securely. However, it contained a vulnerability which allowed funds to be removed. A hacker exploited the vulnerability, messed up their transactions such that their identity became known, and then proceeded to return the funds in exchange for a $500k bounty and legal immunity.
Line 6: Line 7:


This is a global/international case not involving a specific country.
This is a global/international case not involving a specific country.
<ref name="ndtvgadgets-3156" /><ref name="openblocksecgithub-2342" /><ref name="blocksecteammedium-3157" /><ref name="blocksecteammedium-3158" /><ref name="slowmistmedium-3159" /><ref name="slowmistmedium-3160" /><ref name="peckshieldmedium-3161" /><ref name="muditblog-3162" /><ref name="rektnews-3163" /><ref name="kelvinfichtertwitter-3164" /><ref name="slowmistmedium-3165" /><ref name="breadcrumbsappmedium-3166" /><ref name="breadcrumbsappmedium-3167" /><ref name="snikotwitter-3168" /><ref name="googlesites-3169" /><ref name="ciphertrace-3170" /><ref name="polynetwork-3171" /><ref name="cryptoeconomy-3172" /><ref name="polynetwork-3173" /><ref name="polynetwork2twitter-3174" /><ref name="bscscan-3175" /><ref name="bscscan-3176" /><ref name="bscscan-3177" /><ref name="bscscan-3178" /><ref name="bscscan-3179" /><ref name="bscscan-3180" /><ref name="bscscan-3181" /><ref name="bscscan-3182" /><ref name="etherscan-3183" /><ref name="etherscan-3184" /><ref name="etherscan-3185" /><ref name="paoloardoinotwitter-3186" /><ref name="polynetwork2twitter-3187" /><ref name="etherscan-3188" /><ref name="wardbradttwitter-3189" /><ref name="googledoc-3190" /><ref name="blocksecteammedium-3725" /><ref name="certikiotwitter-5452" /><ref name="certikiotwitter-5453" /><ref name="defidotwin-6371" /><ref name="defidotwin-6372" /><ref name="defidotwin-6373" /><ref name="defidotwin-6374" /><ref name="defidotwin-6375" /><ref name="defidotwin-6376" /><ref name="defidotwin-6377" /><ref name="coindesk-7660" /><ref name="certikmedium-7820" /><ref name="bbc-8305" /><ref name="aljazeera-8306" /><ref name="bloomberg-8307" /><ref name="reuters-8308" /><ref name="rektnews-8683" /><ref name="etherscan-8684" /><ref name="etherscan-8685" /><ref name="etherscan-8686" /><ref name="bscscan-8687" /><ref name="amanusktwitter-8688" /><ref name="etherscan-8689" /><ref name="amanusktwitter-8690" /><ref name="hsakatradestwitter-8691" /><ref name="theblocktwitter-8692" /><ref name="hsakatradestwitter-8693" /><ref name="underthebreachtwitter-8694" /><ref name="hsakatradestwitter-8695" /><ref name="theblock-8696" /><ref name="breadcrumbsapp-8697" />


== About Poly Network ==
== About Poly Network ==
Line 169: Line 171:


== References ==
== References ==
[https://gadgets.ndtv.com/cryptocurrency/news/cryptocurrency-heist-hacker-poly-network-hack-stolen-usd-600-million-ethereum-ether-binance-chain-polygon-2507765 Cryptocurrency Heist: Poly Network Says Hackers Stole Record $600 Million | Technology News] (Aug 18)
<references><ref name="ndtvgadgets-3156">[https://gadgets.ndtv.com/cryptocurrency/news/cryptocurrency-heist-hacker-poly-network-hack-stolen-usd-600-million-ethereum-ether-binance-chain-polygon-2507765 Cryptocurrency Heist: Poly Network Says Hackers Stole Record $600 Million | Technology News] (Aug 19, 2021)</ref>


[https://github.com/openblocksec/blocksec-incidents/blob/main/defi/2021.md blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub] (Aug 10)
<ref name="openblocksecgithub-2342">[https://github.com/openblocksec/blocksec-incidents/blob/main/defi/2021.md blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub] (Aug 11, 2021)</ref>


[https://blocksecteam.medium.com/the-retrospection-of-the-poly-network-hack-from-a-security-researcher-perspective-7b9f5c6f06d1 The Retrospection Of The Poly Network Hack From A Security Researcher Perspective] (Aug 28)
<ref name="blocksecteammedium-3157">[https://blocksecteam.medium.com/the-retrospection-of-the-poly-network-hack-from-a-security-researcher-perspective-7b9f5c6f06d1 The Retrospection Of The Poly Network Hack From A Security Researcher Perspective] (Aug 29, 2021)</ref>


[https://blocksecteam.medium.com/the-further-analysis-of-the-poly-network-attack-6c459199c057 The Further Analysis Of The Poly Network Attack] (Aug 28)
<ref name="blocksecteammedium-3158">[https://blocksecteam.medium.com/the-further-analysis-of-the-poly-network-attack-6c459199c057 The Further Analysis Of The Poly Network Attack] (Aug 29, 2021)</ref>


[https://slowmist.medium.com/the-analysis-and-q-a-of-poly-network-being-hacked-8112a35beb39 The Analysis And Q A Of Poly Network Being Hacked] (Aug 28)
<ref name="slowmistmedium-3159">[https://slowmist.medium.com/the-analysis-and-q-a-of-poly-network-being-hacked-8112a35beb39 The Analysis And Q A Of Poly Network Being Hacked] (Aug 29, 2021)</ref>


[https://slowmist.medium.com/the-root-cause-of-poly-network-being-hacked-ec2ee1b0c68f The Root Cause Of Poly Network Being Hacked] (Aug 28)
<ref name="slowmistmedium-3160">[https://slowmist.medium.com/the-root-cause-of-poly-network-being-hacked-ec2ee1b0c68f The Root Cause Of Poly Network Being Hacked] (Aug 29, 2021)</ref>


[https://peckshield.medium.com/polynetwork-bug-review-and-patch-analysis-88bde8441297 Polynetwork Bug Review And Patch Analysis] (Aug 28)
<ref name="peckshieldmedium-3161">[https://peckshield.medium.com/polynetwork-bug-review-and-patch-analysis-88bde8441297 Polynetwork Bug Review And Patch Analysis] (Aug 29, 2021)</ref>


[https://mudit.blog/poly-network-largest-crypto-hack/ Poly Network Hack Analysis - Largest Crypto Hack | Mudit Gupta's Blog] (Aug 28)
<ref name="muditblog-3162">[https://mudit.blog/poly-network-largest-crypto-hack/ Poly Network Hack Analysis - Largest Crypto Hack | Mudit Gupta's Blog] (Aug 29, 2021)</ref>


[https://www.rekt.news/polynetwork-rekt/ Rekt - Poly Network - REKT] (Aug 28)
<ref name="rektnews-3163">[https://www.rekt.news/polynetwork-rekt/ Rekt - Poly Network - REKT] (Aug 29, 2021)</ref>


[https://twitter.com/kelvinfichter/status/1425217046636371969 @kelvinfichter Twitter] (Aug 28)
<ref name="kelvinfichtertwitter-3164">[https://twitter.com/kelvinfichter/status/1425217046636371969 @kelvinfichter Twitter] (Aug 29, 2021)</ref>


[https://slowmist.medium.com/slowmist-tracking-possible-identification-clues-related-to-poly-network-attackers-b330d4d710f SlowMist: Tracking possible identification clues related to Poly Network attackers | by SlowMist | Medium] (Aug 28)
<ref name="slowmistmedium-3165">[https://slowmist.medium.com/slowmist-tracking-possible-identification-clues-related-to-poly-network-attackers-b330d4d710f SlowMist: Tracking possible identification clues related to Poly Network attackers | by SlowMist | Medium] (Aug 29, 2021)</ref>


[https://medium.com/breadcrumbsapp/hacker-returns-poly-network-funds-ransom-deals-in-the-time-of-defi-2d28f24452c Hacker Returns Poly Network Funds Ransom Deals In The Time Of Defi] (Aug 28)
<ref name="breadcrumbsappmedium-3166">[https://medium.com/breadcrumbsapp/hacker-returns-poly-network-funds-ransom-deals-in-the-time-of-defi-2d28f24452c Hacker Returns Poly Network Funds Ransom Deals In The Time Of Defi] (Aug 29, 2021)</ref>


[https://medium.com/breadcrumbsapp/the-600m-poly-network-hack-the-biggest-hack-in-defi-history-e2efe56cf3a8 The 600m Poly Network Hack The Biggest Hack In Defi History] (Aug 28)
<ref name="breadcrumbsappmedium-3167">[https://medium.com/breadcrumbsapp/the-600m-poly-network-hack-the-biggest-hack-in-defi-history-e2efe56cf3a8 The 600m Poly Network Hack The Biggest Hack In Defi History] (Aug 29, 2021)</ref>


[https://twitter.com/sniko_/status/1426539896102137859 @sniko_ Twitter] (Aug 28)
<ref name="snikotwitter-3168">[https://twitter.com/sniko_/status/1426539896102137859 @sniko_ Twitter] (Aug 29, 2021)</ref>


[https://sites.google.com/view/hackersconfession/ Poly network and Hacker Communicate] (Aug 28)
<ref name="googlesites-3169">[https://sites.google.com/view/hackersconfession/ Poly network and Hacker Communicate] (Aug 29, 2021)</ref>


[https://ciphertrace.com/poly-network-suffers-largest-crypto-hack-ever-recorded/ Poly Network Suffers Largest Crypto Hack Ever Recorded - CipherTrace] (Sep 9)
<ref name="ciphertrace-3170">[https://ciphertrace.com/poly-network-suffers-largest-crypto-hack-ever-recorded/ Poly Network Suffers Largest Crypto Hack Ever Recorded - CipherTrace] (Sep 10, 2021)</ref>


[https://poly.network/ PolyNetwork] (Sep 16)
<ref name="polynetwork-3171">[https://poly.network/ PolyNetwork] (Sep 17, 2021)</ref>


[https://crypto-economy.com/poly-network-loses-611-million-in-the-biggest-defi-hack-to-date/ Poly Network Loses $611 Million in the Biggest DeFi Hack to Data] (Sep 16)
<ref name="cryptoeconomy-3172">[https://crypto-economy.com/poly-network-loses-611-million-in-the-biggest-defi-hack-to-date/ Poly Network Loses $611 Million in the Biggest DeFi Hack to Data] (Sep 17, 2021)</ref>


[https://poly.network/PolyNetwork-whitepaper.pdf PolyNetwork: An Interoperability Protocol for Heterogeneous Blockchains] (Sep 18)
<ref name="polynetwork-3173">[https://poly.network/PolyNetwork-whitepaper.pdf PolyNetwork: An Interoperability Protocol for Heterogeneous Blockchains] (Sep 19, 2021)</ref>


[https://twitter.com/PolyNetwork2/status/1425123153009803267 @PolyNetwork2 Twitter] (Sep 18)
<ref name="polynetwork2twitter-3174">[https://twitter.com/PolyNetwork2/status/1425123153009803267 @PolyNetwork2 Twitter] (Sep 19, 2021)</ref>


[https://bscscan.com/address/0x7cea671dabfba880af6723bddd6b9f4caa15c87b Contract Address 0x7cea671dabfba880af6723bddd6b9f4caa15c87b | BscScan] (Sep 18)
<ref name="bscscan-3175">[https://bscscan.com/address/0x7cea671dabfba880af6723bddd6b9f4caa15c87b Contract Address 0x7cea671dabfba880af6723bddd6b9f4caa15c87b | BscScan] (Sep 19, 2021)</ref>


[https://bscscan.com/tx/0x3eba3f1fb50c4cbe76e7cc4dcc14ac7544762a0e785cf22034f175f67c8d3be9 Binance Transaction Hash (Txhash) Details | BscScan] (Sep 18)
<ref name="bscscan-3176">[https://bscscan.com/tx/0x3eba3f1fb50c4cbe76e7cc4dcc14ac7544762a0e785cf22034f175f67c8d3be9 Binance Transaction Hash (Txhash) Details | BscScan] (Sep 19, 2021)</ref>


[https://bscscan.com/tx/0x534966864bda354628d4f1c66db45cbefcdda7433e9576e7664fea01bb05be9a Binance Transaction Hash (Txhash) Details | BscScan] (Sep 18)
<ref name="bscscan-3177">[https://bscscan.com/tx/0x534966864bda354628d4f1c66db45cbefcdda7433e9576e7664fea01bb05be9a Binance Transaction Hash (Txhash) Details | BscScan] (Sep 19, 2021)</ref>


[https://bscscan.com/tx/0xd59223a8cd2406cfd0563b16e06482b9a3efecfd896d590a3dba1042697de11a Binance Transaction Hash (Txhash) Details | BscScan] (Sep 18)
<ref name="bscscan-3178">[https://bscscan.com/tx/0xd59223a8cd2406cfd0563b16e06482b9a3efecfd896d590a3dba1042697de11a Binance Transaction Hash (Txhash) Details | BscScan] (Sep 19, 2021)</ref>


[https://bscscan.com/tx/0x4e57f59395aca4847c4d001db4a980b92aab7676bc0e2d57ee39e83502527d6c Binance Transaction Hash (Txhash) Details | BscScan] (Sep 18)
<ref name="bscscan-3179">[https://bscscan.com/tx/0x4e57f59395aca4847c4d001db4a980b92aab7676bc0e2d57ee39e83502527d6c Binance Transaction Hash (Txhash) Details | BscScan] (Sep 19, 2021)</ref>


[https://bscscan.com/tx/0x50105b6d07b4d738cd11b4b8ae16943bed09c7ce724dc8b171c74155dd496c25 Binance Transaction Hash (Txhash) Details | BscScan] (Sep 18)
<ref name="bscscan-3180">[https://bscscan.com/tx/0x50105b6d07b4d738cd11b4b8ae16943bed09c7ce724dc8b171c74155dd496c25 Binance Transaction Hash (Txhash) Details | BscScan] (Sep 19, 2021)</ref>


[https://bscscan.com/tx/0xd65025a2dd953f529815bd3c669ada635c6001b3cc50e042f9477c7db077b4c9 Binance Transaction Hash (Txhash) Details | BscScan] (Sep 18)
<ref name="bscscan-3181">[https://bscscan.com/tx/0xd65025a2dd953f529815bd3c669ada635c6001b3cc50e042f9477c7db077b4c9 Binance Transaction Hash (Txhash) Details | BscScan] (Sep 19, 2021)</ref>


[https://bscscan.com/tx/0xea37b320843f75a8a849fdf13cd357cb64761a848d48a516c3cac5bbd6caaad5 Binance Transaction Hash (Txhash) Details | BscScan] (Sep 18)
<ref name="bscscan-3182">[https://bscscan.com/tx/0xea37b320843f75a8a849fdf13cd357cb64761a848d48a516c3cac5bbd6caaad5 Binance Transaction Hash (Txhash) Details | BscScan] (Sep 19, 2021)</ref>


[https://etherscan.io/address/0x838bf9e95cb12dd76a54c9f9d2e3082eaf928270 Contract Address 0x838bf9e95cb12dd76a54c9f9d2e3082eaf928270 | Etherscan] (Sep 18)
<ref name="etherscan-3183">[https://etherscan.io/address/0x838bf9e95cb12dd76a54c9f9d2e3082eaf928270 Contract Address 0x838bf9e95cb12dd76a54c9f9d2e3082eaf928270 | Etherscan] (Sep 19, 2021)</ref>


[https://etherscan.io/tx/0xb1f70464bd95b774c6ce60fc706eb5f9e35cb5f06e6cfe7c17dcda46ffd59581 Ethereum Transaction Hash (Txhash) Details | Etherscan] (Sep 18)
<ref name="etherscan-3184">[https://etherscan.io/tx/0xb1f70464bd95b774c6ce60fc706eb5f9e35cb5f06e6cfe7c17dcda46ffd59581 Ethereum Transaction Hash (Txhash) Details | Etherscan] (Sep 19, 2021)</ref>


[https://etherscan.io/tx/0xad7a2c70c958fcd3effbf374d0acf3774a9257577625ae4c838e24b0de17602a Ethereum Transaction Hash (Txhash) Details | Etherscan] (Sep 18)
<ref name="etherscan-3185">[https://etherscan.io/tx/0xad7a2c70c958fcd3effbf374d0acf3774a9257577625ae4c838e24b0de17602a Ethereum Transaction Hash (Txhash) Details | Etherscan] (Sep 19, 2021)</ref>


[https://twitter.com/paoloardoino/status/1425090760609832978 @paoloardoino Twitter] (Sep 18)
<ref name="paoloardoinotwitter-3186">[https://twitter.com/paoloardoino/status/1425090760609832978 @paoloardoino Twitter] (Sep 19, 2021)</ref>


[https://twitter.com/PolyNetwork2/status/1425073987164381196 @PolyNetwork2 Twitter] (Sep 18)
<ref name="polynetwork2twitter-3187">[https://twitter.com/PolyNetwork2/status/1425073987164381196 @PolyNetwork2 Twitter] (Sep 19, 2021)</ref>


[https://etherscan.io/tx/0xb12681d9e91e69b94960611b227c90af25e5352881907f1deee609b8d5e94d7d Ethereum Transaction Hash (Txhash) Details | Etherscan] (Sep 18)
<ref name="etherscan-3188">[https://etherscan.io/tx/0xb12681d9e91e69b94960611b227c90af25e5352881907f1deee609b8d5e94d7d Ethereum Transaction Hash (Txhash) Details | Etherscan] (Sep 19, 2021)</ref>


[https://twitter.com/wardbradt/status/1425112492397764609 @wardbradt Twitter] (Sep 18)
<ref name="wardbradttwitter-3189">[https://twitter.com/wardbradt/status/1425112492397764609 @wardbradt Twitter] (Sep 19, 2021)</ref>


[https://docs.google.com/spreadsheets/u/1/d/11LUJwLoHX8ZCyfjhg5YZ0V99iU6PafMNL_NET45FSVc/htmlview?pru=AAABe1lDAS0*CdZKWo5WZNYwj5Qca8505A#gid=0 Polynetwork and Hacker Communicate - Google Drive] (Sep 18)
<ref name="googledoc-3190">[https://docs.google.com/spreadsheets/u/1/d/11LUJwLoHX8ZCyfjhg5YZ0V99iU6PafMNL_NET45FSVc/htmlview?pru=AAABe1lDAS0*CdZKWo5WZNYwj5Qca8505A#gid=0 Polynetwork and Hacker Communicate - Google Drive] (Sep 19, 2021)</ref>


[https://blocksecteam.medium.com/the-informal-security-review-of-the-patch-of-the-poly-network-1a0a532b731e The Informal Security Review Of The Patch Of The Poly Network] (Oct 14)
<ref name="blocksecteammedium-3725">[https://blocksecteam.medium.com/the-informal-security-review-of-the-patch-of-the-poly-network-1a0a532b731e The Informal Security Review Of The Patch Of The Poly Network] (Oct 15, 2021)</ref>


[https://mobile.twitter.com/certik_io/status/1426219879171072001 https://mobile.twitter.com/certik_io/status/1426219879171072001] (Jan 10)
<ref name="certikiotwitter-5452">[https://mobile.twitter.com/certik_io/status/1426219879171072001 https://mobile.twitter.com/certik_io/status/1426219879171072001] (Jan 10, 2022)</ref>


[https://mobile.twitter.com/certik_io/status/1425674497177366529 https://mobile.twitter.com/certik_io/status/1425674497177366529] (Jan 10)
<ref name="certikiotwitter-5453">[https://mobile.twitter.com/certik_io/status/1425674497177366529 https://mobile.twitter.com/certik_io/status/1425674497177366529] (Jan 10, 2022)</ref>


[https://www.defi.win/the-poly-hack-and-cryptos-trust-issues-david-z-morris/ The Poly Hack and Crypto’s Trust Issues | David Z. Morris – Defi] (Feb 12)
<ref name="defidotwin-6371">[https://www.defi.win/the-poly-hack-and-cryptos-trust-issues-david-z-morris/ The Poly Hack and Crypto’s Trust Issues | David Z. Morris – Defi] (Feb 12, 2022)</ref>


[https://www.defi.win/defi-protocol-polynetwork-suffers-major-attack-over-600-million-worth-of-crypto-stolen/ DeFi Protocol PolyNetwork Suffers Major Attack, Over $600 Million Worth of Crypto Stolen – Defi] (Feb 12)
<ref name="defidotwin-6372">[https://www.defi.win/defi-protocol-polynetwork-suffers-major-attack-over-600-million-worth-of-crypto-stolen/ DeFi Protocol PolyNetwork Suffers Major Attack, Over $600 Million Worth of Crypto Stolen – Defi] (Feb 12, 2022)</ref>


[https://www.defi.win/poly-hack-raises-more-questions-than-answers/ Poly Hack Raises More Questions Than Answers – Defi] (Feb 12)
<ref name="defidotwin-6373">[https://www.defi.win/poly-hack-raises-more-questions-than-answers/ Poly Hack Raises More Questions Than Answers – Defi] (Feb 12, 2022)</ref>


[https://www.defi.win/hackers-stole-over-600-million-from-poly-network-through-exploit/ Hackers Stole Over $600 Million from Poly Network Through Exploit – Defi] (Feb 12)
<ref name="defidotwin-6374">[https://www.defi.win/hackers-stole-over-600-million-from-poly-network-through-exploit/ Hackers Stole Over $600 Million from Poly Network Through Exploit – Defi] (Feb 12, 2022)</ref>


[https://www.defi.win/poly-network-prepares-for-hacker-to-return-millions-in-stolen-crypto/ Poly Network Prepares for Hacker to Return Millions in Stolen Crypto – Defi] (Feb 12)
<ref name="defidotwin-6375">[https://www.defi.win/poly-network-prepares-for-hacker-to-return-millions-in-stolen-crypto/ Poly Network Prepares for Hacker to Return Millions in Stolen Crypto – Defi] (Feb 12, 2022)</ref>


[https://www.defi.win/crypto-panhandlers-beg-poly-network-attacker-for-share-of-613m-haul/ Crypto Panhandlers Beg Poly Network Attacker for Share of $613M Haul – Defi] (Feb 12)
<ref name="defidotwin-6376">[https://www.defi.win/crypto-panhandlers-beg-poly-network-attacker-for-share-of-613m-haul/ Crypto Panhandlers Beg Poly Network Attacker for Share of $613M Haul – Defi] (Feb 12, 2022)</ref>


[https://www.defi.win/cross-chain-defi-site-poly-network-hacked-hundreds-of-millions-potentially-lost/ Cross-Chain DeFi Site Poly Network Hacked; Hundreds of Millions Potentially Lost – Defi] (Feb 12)
<ref name="defidotwin-6377">[https://www.defi.win/cross-chain-defi-site-poly-network-hacked-hundreds-of-millions-potentially-lost/ Cross-Chain DeFi Site Poly Network Hacked; Hundreds of Millions Potentially Lost – Defi] (Feb 12, 2022)</ref>


[https://www.coindesk.com/tech/2021/08/11/returned-funds-blacklisted-tokens-raise-more-questions-than-answers-in-defis-biggest-hack/ Poly Hack Raises More Questions Than Answers - CoinDesk] (May 7)
<ref name="coindesk-7660">[https://www.coindesk.com/tech/2021/08/11/returned-funds-blacklisted-tokens-raise-more-questions-than-answers-in-defis-biggest-hack/ Poly Hack Raises More Questions Than Answers - CoinDesk] (May 7, 2022)</ref>


[https://certik.medium.com/polynetwork-hack-analysis-a86513f2a730 Polynetwork Hack Analysis] (May 30)
<ref name="certikmedium-7820">[https://certik.medium.com/polynetwork-hack-analysis-a86513f2a730 Polynetwork Hack Analysis] (May 30, 2022)</ref>


[https://www.bbc.com/news/business-58180692 https://www.bbc.com/news/business-58180692] (Jul 2)
<ref name="bbc-8305">[https://www.bbc.com/news/business-58180692 https://www.bbc.com/news/business-58180692] (Jul 2, 2022)</ref>


[https://www.aljazeera.com/news/2021/8/12/hackers-return-260-mln-to-cryptocurrency-platform-after-massive play] (Jul 2)
<ref name="aljazeera-8306">[https://www.aljazeera.com/news/2021/8/12/hackers-return-260-mln-to-cryptocurrency-platform-after-massive play] (Jul 2, 2022)</ref>


[https://www.bloomberg.com/news/articles/2021-08-10/hackers-steal-600-million-in-likely-largest-defi-crypto-theft Bloomberg - Are you a robot?] (Jul 2)
<ref name="bloomberg-8307">[https://www.bloomberg.com/news/articles/2021-08-10/hackers-steal-600-million-in-likely-largest-defi-crypto-theft Bloomberg - Are you a robot?] (Jul 2, 2022)</ref>


[https://www.reuters.com/technology/defi-platform-poly-network-reports-hacking-loses-estimated-600-million-2021-08-11/ Hackers return $260 mln to cryptocurrency platform after massive theft | Reuters] (Jul 2)
<ref name="reuters-8308">[https://www.reuters.com/technology/defi-platform-poly-network-reports-hacking-loses-estimated-600-million-2021-08-11/ Hackers return $260 mln to cryptocurrency platform after massive theft | Reuters] (Jul 2, 2022)</ref>


[https://rekt.news/polynetwork-rekt/ Rekt - Poly Network - REKT] (Jul 22)
<ref name="rektnews-8683">[https://rekt.news/polynetwork-rekt/ Rekt - Poly Network - REKT] (Jul 22, 2022)</ref>


[https://etherscan.io/address/0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963 https://etherscan.io/address/0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963] (Jul 22)
<ref name="etherscan-8684">[https://etherscan.io/address/0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963 https://etherscan.io/address/0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963] (Jul 22, 2022)</ref>


[https://etherscan.io/txs?a=0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963&p=33 https://etherscan.io/txs?a=0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963&p=33] (Jul 22)
<ref name="etherscan-8685">[https://etherscan.io/txs?a=0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963&p=33 https://etherscan.io/txs?a=0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963&p=33] (Jul 22, 2022)</ref>


[https://etherscan.io/tx/0xae2442c5b5721df8c190fd8f59b53b6dc56a875fb03035ad34276a598ddf7d31 https://etherscan.io/tx/0xae2442c5b5721df8c190fd8f59b53b6dc56a875fb03035ad34276a598ddf7d31] (Jul 22)
<ref name="etherscan-8686">[https://etherscan.io/tx/0xae2442c5b5721df8c190fd8f59b53b6dc56a875fb03035ad34276a598ddf7d31 https://etherscan.io/tx/0xae2442c5b5721df8c190fd8f59b53b6dc56a875fb03035ad34276a598ddf7d31] (Jul 22, 2022)</ref>


[https://bscscan.com/txs?a=0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71&p=105 https://bscscan.com/txs?a=0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71&p=105] (Jul 22)
<ref name="bscscan-8687">[https://bscscan.com/txs?a=0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71&p=105 https://bscscan.com/txs?a=0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71&p=105] (Jul 22, 2022)</ref>


[https://twitter.com/amanusk_/status/1425095549724803075 @amanusk_ Twitter] (Jul 22)
<ref name="amanusktwitter-8688">[https://twitter.com/amanusk_/status/1425095549724803075 @amanusk_ Twitter] (Jul 22, 2022)</ref>


[https://etherscan.io/tx/0xdf3afc47c7914e06ddb1be19afcd769e558111d353e55273a62c4a96e6a6090f https://etherscan.io/tx/0xdf3afc47c7914e06ddb1be19afcd769e558111d353e55273a62c4a96e6a6090f] (Jul 22)
<ref name="etherscan-8689">[https://etherscan.io/tx/0xdf3afc47c7914e06ddb1be19afcd769e558111d353e55273a62c4a96e6a6090f https://etherscan.io/tx/0xdf3afc47c7914e06ddb1be19afcd769e558111d353e55273a62c4a96e6a6090f] (Jul 22, 2022)</ref>


[https://twitter.com/amanusk_/status/1425099191538364416 @amanusk_ Twitter] (Jul 22)
<ref name="amanusktwitter-8690">[https://twitter.com/amanusk_/status/1425099191538364416 @amanusk_ Twitter] (Jul 22, 2022)</ref>


[https://twitter.com/HsakaTrades/status/1425095512047472646 @HsakaTrades Twitter] (Jul 22)
<ref name="hsakatradestwitter-8691">[https://twitter.com/HsakaTrades/status/1425095512047472646 @HsakaTrades Twitter] (Jul 22, 2022)</ref>


[https://twitter.com/TheBlock__/status/1425117291939782658 @TheBlock__ Twitter] (Jul 22)
<ref name="theblocktwitter-8692">[https://twitter.com/TheBlock__/status/1425117291939782658 @TheBlock__ Twitter] (Jul 22, 2022)</ref>


[https://twitter.com/HsakaTrades/status/1425104726295818245 @HsakaTrades Twitter] (Jul 22)
<ref name="hsakatradestwitter-8693">[https://twitter.com/HsakaTrades/status/1425104726295818245 @HsakaTrades Twitter] (Jul 22, 2022)</ref>


[https://twitter.com/UnderTheBreach/status/1425127303353356293 @UnderTheBreach Twitter] (Jul 22)
<ref name="underthebreachtwitter-8694">[https://twitter.com/UnderTheBreach/status/1425127303353356293 @UnderTheBreach Twitter] (Jul 22, 2022)</ref>


[https://twitter.com/HsakaTrades/status/1425136597708591104 @HsakaTrades Twitter] (Jul 22)
<ref name="hsakatradestwitter-8695">[https://twitter.com/HsakaTrades/status/1425136597708591104 @HsakaTrades Twitter] (Jul 22, 2022)</ref>


[https://www.theblock.co/post/114045/at-least-611-million-stolen-in-massive-cross-chain-hack https://www.theblock.co/post/114045/at-least-611-million-stolen-in-massive-cross-chain-hack] (Jul 22)
<ref name="theblock-8696">[https://www.theblock.co/post/114045/at-least-611-million-stolen-in-massive-cross-chain-hack https://www.theblock.co/post/114045/at-least-611-million-stolen-in-massive-cross-chain-hack] (Jul 22, 2022)</ref>


[https://www.breadcrumbs.app/reports/671 https://www.breadcrumbs.app/reports/671] (Jul 22)
<ref name="breadcrumbsapp-8697">[https://www.breadcrumbs.app/reports/671 https://www.breadcrumbs.app/reports/671] (Jul 22, 2022)</ref></references>

Revision as of 21:56, 22 February 2023

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Poly Network

The Poly Network allows different smart chains to interact with one another securely. However, it contained a vulnerability which allowed funds to be removed. A hacker exploited the vulnerability, messed up their transactions such that their identity became known, and then proceeded to return the funds in exchange for a $500k bounty and legal immunity.

It remains to be seen whether the legal immunity will hold up in court. In the meantime, the funds have been distributed back to affected users.

This is a global/international case not involving a specific country. [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40][41][42][43][44][45][46][47][48][49][50][51][52][53][54][55][56][57][58][59][60][61][62][63][64][65][66][67]

About Poly Network

"In order to build a better next-generation internet infrastructure, we have launched a new cross-chain technology, the Poly Network. Poly Network is based on the side-chain/relay mode and adopts a two-layer architecture. It employs the Poly chain as a cross-chain coordinator, multiple homogeneous chains as crosschain transaction executors, and Relayer as a cross-chain information porter. By resolving issues such as trust, security and transaction issues of chain data, we have realized a safe, easy-to-use and efficient cross-chain system."

"Poly Network acts as a cross-chain interoperability bridge to facilitate the transfer of tokens between two relatively independent blockchains. As such, one of their main Poly Network smart contracts is the bridge itself. In order for bridges between chains to act effectively (e.g. for users to be able to use the network to transfer tokens across chains), they need to maintain large sums of liquidity. Whenever a user wants to “bridge” between chains Poly Network needs to efficiently burn/mint the equivalent assets on the respective chains."

"Poly Network is built to implement interoperability between multiple chains in order to build the next generation internet infrastructure. Authorized homogeneous and heterogeneous public blockchains can connect to Poly Network through an open, transparent admission mechanism and communicate with other blockchains. Poly Network has already integrated Bitcoin, Ethereum, Neo, Ontology, Elrond, Ziliqa, Binance Smart Chain, Switcheo and Huobi ECO Chain. More institutions and organizations are welcome to join Poly Network and build the next generation internet with us."

"The contract that issues these cross-chain token transfers uses “keepers” to verify and execute the transactions. Once the keeper signs on the source chain the CrossChainManager contract on the destination chain will check the Keeper’s signature for validity and execute the equivalent on the destination chain to complete the “bridge”."

"There is currently no indication that the Poly Network code had ever received an audit. Searching through the protocol’s GitHub repos did not indicate any audits had been performed or reported."

"On August 10, Poly Network suffered a $612 million hack—the largest crypto-related hack to date. Where the typical DeFi hack is against specific DeFi instruments, resulting in much smaller losses, in this case the attack was against Poly Network’s infrastructure, focusing on the DeFi platform itself and targeting control of the decentralized exchange’s (DEX) smart contracts."

"Since the smart contract executes the transactions and not the user themselves, the hacker was able to exploit the CrossChainManager smart contract and swap the “keepers” for a malicious keeper under their control. As a result, the main cross-chain contract on the Poly Network became completely controlled by the hacker, allowing him to unlock tokens that were supposed to remain locked within the bridge contract and move the tokens to addresses under his control. The hacker then replicated the attack across chains."

"As a result, the main cross-chain contract became completely controlled by the hacker, allowing him to unlock tokens that were supposed to be locked within the contract, send the tokens to addresses under their control, and then repeat the attack across chains."

"Poly has a contract called the "EthCrossChainManager". It's a privileged contract that has the right to trigger messages from another chain. It's a standard thing for cross-chain projects."

"It has a function named verifyHeaderAndExecuteTx that anyone can call to execute a cross-chain transaction."

"It (1) verifies that the block header is correct by checking signatures (seems the other chain was a poa sidechain or) and then (2) checks that the transaction was included within that block with a Merkle proof. Here's the code."

"One of the last things the function does is call executeCrossChainTx, which makes the call to the target contract. This is where the critical flaw sits. Poly checks that the target is a contract, but they forgot to prevent users from calling a very important target... the EthCrossChainData contract"

"By sending this cross-chain message, the user could trick the EthCrossChainManager into calling the EthCrossChainData contract, passing the onlyOwner check. Now the user just had to craft the right data to be able to trigger the function that changes the public keys…"

"The only remaining challenge was to figure out how to make the EthCrossChainManager call the right function. Now comes a little bit of complexity around how Solidity picks which function you're trying to call."

"The first four bytes of transaction input data is called the "signature hash" or "sighash" for short. It's a short piece of information that tells a Solidity contract what you're trying to do."

The sighash of a function is calculated by taking the first four bytes of the hash of "<function name>(<function input types>)". For example, the sighash of the ERC20 transfer function is the first four bytes of the hash of "transfer(address,uint256)".

"Poly's contract was willing to call any contract. However, it would only call the contract function that corresponded to the [right] sighash." "All the attacker had to do to call the right function was figure out some value for "_method" that, when combined with those other values and hashed, had the same leading four bytes as the sighash of our target function."

"With just a little bit of grinding, you can easily find some input that produces the right sighash. You don't need to find a full hash collision, you're only checking the first four bytes." "[H]ere's the actual sighash of the target function: http://ethers.utils.id ('putCurEpochConPubKeyBytes(bytes)').slice(0, 10) '0x41973cd9'"

"And the sighash that the attacker crafted... http://ethers.utils.id ('f1121318093(bytes,bytes,uint64)').slice(0, 10) '0x41973cd9'"

"Fantastic. No private key compromise required! Just craft the right data and boom... the contract will just hack itself!"

"This attack is mainly because the keeper of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute the data passed in by the user through the _executeCrossChainTx function. Therefore, the attacker uses this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract. It is not the case that this event occurred due to the leakage of the keeper’s private key."

"1. The core of this attack is that the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute specific cross-chain transactions through the _executeCrossChainTx function."

"2. Since the owner of the EthCrossChainData contract is the EthCrossChainManager contract, the EthCrossChainManager contract can modify the keeper of the contract by calling the putCurEpochConPubKeyBytes function of the EthCrossChainData contract."

"3. The verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can perform user-specified cross-chain transactions by calling the _executeCrossChainTx function internally. So the attacker only needs to pass in the carefully constructed data through the verifyHeaderAndExecuteTx function for the _executeCrossChainTx function to execute the call to the EthCrossChainData contract PutCurEpochConPubKeyBytes function to change the keeper role to the address specified attackers."

"4. After replacing the address of the keeper role, the attacker can construct a transaction at will and withdraw any amount of funds from the contract."

"Shortly after the exploit, an unexpected protagonist appeared, going by the name of hanashiro.eth."

"hanashiro.eth first gained attention when they sent the hacker a tip about how to handle USDT, for which they received 13.37 Ether from the hacker as a reward." "Many others sent messages to the hacker afterwards, but none were quite as successful as hanashiro.eth."

"Hanashiro sent 1.337 of the 13.37 ETH he received to Vitalik." "Meanwhile our old friend hanashiro is now on a donation spree. Even donated to @RektHQ who will be writing extensively on him in their next report."

"With a truly crypto native level of philanthropic showmanship, hanashiro.eth went on to donate their stolen money to a few of the foundational organisations which support our industry, such as Infura, Etherscan, and rekt.news."

"Tether froze all of the 33M USDT that were stolen on the Ethereum chain." "$33M USDT frozen."

"By this point th[ings] had really hit the fan; and all eyes were on Poly Network, who resorted to posting an open letter to the attacker begging them to return the funds."

"[T]hen @WardBradt tweeted."

"Did the PolyNetwork Exploiter accidentally use the wrong sender address for this tx? The sender address is tied to FTX, Binance, Okex accounts."

"In all the swapping the hacker has done in an effort to obfuscate their trail, it appears the hacker had at one point reused a wallet that already had previous transactions with some prominent exchanges that could have identifying “know your customer” (KYC) information on him."

"Surely a hacker who feels confident enough to attempt an attack of this scale wouldn’t make such a basic OPSEC error? Or maybe they used fake KYC documents…"

"Either way, we began to see signs of fear from the attacker."

"The hacker began to suggest that they might return "some tokens" or even abandon them, saying that they were "not so interested in the money"."

"Then the hacker considered the idea of creating a DAO to distribute the stolen funds."

"Finally, the pressure became too much, and the hacker announced that they were “READY TO SURRENDER”"

"In an unexpected and unprecedented move, the attacker is now returning the funds to Poly Network."

"They announced that they were "READY TO RETURN THE FUNDS!" in an Ethereum transaction that was sent from the same wallet used for the attack."

"Before sending the first return transaction, the hacker created a token called "The hacker is ready to surrender" and sent this token to Poly Network who announced that they had set up a multisig controlled by ‘’known Poly addresses’’."

"In an August 17 Medium article, the Poly Network team announced that they had offered the hacker, whom they refer to as “Mr. White Hat,” the position of Chief Security Officer along with a $500,000 bounty for identifying the exploit. In the post, the team declared they have “no intention of holding Mr. White Hat legally responsible.”"

"CipherTrace has confirmed nearly all funds have been returned to Poly Network into the addresses they had developed specifically for the hacker to return the funds."

"the method to fix the vulnerability is using allow lists. The allow lists are initialized when creating the EthCrossChainManager. By doing so, this patch can ensure" that "[o]nly the contract in the allow lists can invoke the crossChain function, which is used to start the cross-chain transaction" and "[o]nly the method and the contract in the allow lists can be invoked by the cross-chain transaction."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Poly Network Validation Error
Date Event Description
August 10th, 2021 3:48:40 AM Main Event Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Total Amount Lost

The total amount lost has been estimated at $611,000,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

A bounty of $500,000 USD was paid for the discovery.

Total Amount Recovered

The total amount recovered has been estimated at $610,500,000 USD.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Prevention Policies

It's not wise placing such a large amount of liquidity in a smart contract hot wallet, especially without an audit. The only truly secure storage of assets is an offline multi-sig wallet. In the future, it's very likely that insurance protocols will reduce some of the risk.

This was a lucky case in that losses were minimized by the hacker returning the funds.

References

  1. Cryptocurrency Heist: Poly Network Says Hackers Stole Record $600 Million | Technology News (Aug 19, 2021)
  2. blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub (Aug 11, 2021)
  3. The Retrospection Of The Poly Network Hack From A Security Researcher Perspective (Aug 29, 2021)
  4. The Further Analysis Of The Poly Network Attack (Aug 29, 2021)
  5. The Analysis And Q A Of Poly Network Being Hacked (Aug 29, 2021)
  6. The Root Cause Of Poly Network Being Hacked (Aug 29, 2021)
  7. Polynetwork Bug Review And Patch Analysis (Aug 29, 2021)
  8. Poly Network Hack Analysis - Largest Crypto Hack | Mudit Gupta's Blog (Aug 29, 2021)
  9. Rekt - Poly Network - REKT (Aug 29, 2021)
  10. @kelvinfichter Twitter (Aug 29, 2021)
  11. SlowMist: Tracking possible identification clues related to Poly Network attackers | by SlowMist | Medium (Aug 29, 2021)
  12. Hacker Returns Poly Network Funds Ransom Deals In The Time Of Defi (Aug 29, 2021)
  13. The 600m Poly Network Hack The Biggest Hack In Defi History (Aug 29, 2021)
  14. @sniko_ Twitter (Aug 29, 2021)
  15. Poly network and Hacker Communicate (Aug 29, 2021)
  16. Poly Network Suffers Largest Crypto Hack Ever Recorded - CipherTrace (Sep 10, 2021)
  17. PolyNetwork (Sep 17, 2021)
  18. Poly Network Loses $611 Million in the Biggest DeFi Hack to Data (Sep 17, 2021)
  19. PolyNetwork: An Interoperability Protocol for Heterogeneous Blockchains (Sep 19, 2021)
  20. @PolyNetwork2 Twitter (Sep 19, 2021)
  21. Contract Address 0x7cea671dabfba880af6723bddd6b9f4caa15c87b | BscScan (Sep 19, 2021)
  22. Binance Transaction Hash (Txhash) Details | BscScan (Sep 19, 2021)
  23. Binance Transaction Hash (Txhash) Details | BscScan (Sep 19, 2021)
  24. Binance Transaction Hash (Txhash) Details | BscScan (Sep 19, 2021)
  25. Binance Transaction Hash (Txhash) Details | BscScan (Sep 19, 2021)
  26. Binance Transaction Hash (Txhash) Details | BscScan (Sep 19, 2021)
  27. Binance Transaction Hash (Txhash) Details | BscScan (Sep 19, 2021)
  28. Binance Transaction Hash (Txhash) Details | BscScan (Sep 19, 2021)
  29. Contract Address 0x838bf9e95cb12dd76a54c9f9d2e3082eaf928270 | Etherscan (Sep 19, 2021)
  30. Ethereum Transaction Hash (Txhash) Details | Etherscan (Sep 19, 2021)
  31. Ethereum Transaction Hash (Txhash) Details | Etherscan (Sep 19, 2021)
  32. @paoloardoino Twitter (Sep 19, 2021)
  33. @PolyNetwork2 Twitter (Sep 19, 2021)
  34. Ethereum Transaction Hash (Txhash) Details | Etherscan (Sep 19, 2021)
  35. @wardbradt Twitter (Sep 19, 2021)
  36. Polynetwork and Hacker Communicate - Google Drive (Sep 19, 2021)
  37. The Informal Security Review Of The Patch Of The Poly Network (Oct 15, 2021)
  38. https://mobile.twitter.com/certik_io/status/1426219879171072001 (Jan 10, 2022)
  39. https://mobile.twitter.com/certik_io/status/1425674497177366529 (Jan 10, 2022)
  40. The Poly Hack and Crypto’s Trust Issues | David Z. Morris – Defi (Feb 12, 2022)
  41. DeFi Protocol PolyNetwork Suffers Major Attack, Over $600 Million Worth of Crypto Stolen – Defi (Feb 12, 2022)
  42. Poly Hack Raises More Questions Than Answers – Defi (Feb 12, 2022)
  43. Hackers Stole Over $600 Million from Poly Network Through Exploit – Defi (Feb 12, 2022)
  44. Poly Network Prepares for Hacker to Return Millions in Stolen Crypto – Defi (Feb 12, 2022)
  45. Crypto Panhandlers Beg Poly Network Attacker for Share of $613M Haul – Defi (Feb 12, 2022)
  46. Cross-Chain DeFi Site Poly Network Hacked; Hundreds of Millions Potentially Lost – Defi (Feb 12, 2022)
  47. Poly Hack Raises More Questions Than Answers - CoinDesk (May 7, 2022)
  48. Polynetwork Hack Analysis (May 30, 2022)
  49. https://www.bbc.com/news/business-58180692 (Jul 2, 2022)
  50. play (Jul 2, 2022)
  51. Bloomberg - Are you a robot? (Jul 2, 2022)
  52. Hackers return $260 mln to cryptocurrency platform after massive theft | Reuters (Jul 2, 2022)
  53. Rekt - Poly Network - REKT (Jul 22, 2022)
  54. https://etherscan.io/address/0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963 (Jul 22, 2022)
  55. https://etherscan.io/txs?a=0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963&p=33 (Jul 22, 2022)
  56. https://etherscan.io/tx/0xae2442c5b5721df8c190fd8f59b53b6dc56a875fb03035ad34276a598ddf7d31 (Jul 22, 2022)
  57. https://bscscan.com/txs?a=0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71&p=105 (Jul 22, 2022)
  58. @amanusk_ Twitter (Jul 22, 2022)
  59. https://etherscan.io/tx/0xdf3afc47c7914e06ddb1be19afcd769e558111d353e55273a62c4a96e6a6090f (Jul 22, 2022)
  60. @amanusk_ Twitter (Jul 22, 2022)
  61. @HsakaTrades Twitter (Jul 22, 2022)
  62. @TheBlock__ Twitter (Jul 22, 2022)
  63. @HsakaTrades Twitter (Jul 22, 2022)
  64. @UnderTheBreach Twitter (Jul 22, 2022)
  65. @HsakaTrades Twitter (Jul 22, 2022)
  66. https://www.theblock.co/post/114045/at-least-611-million-stolen-in-massive-cross-chain-hack (Jul 22, 2022)
  67. https://www.breadcrumbs.app/reports/671 (Jul 22, 2022)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Poly_Network_Validation_Error&oldid=2648"