It's been a week since we first heard what was described as "the biggest breach in Defi space" with speculation mad about it.
If you're not familiar with this incident, allow me to quickly bring you up to speed...
On August 10, Poly Network's official account on Twitter published a stormy tweet that turned the crypto world upside down, announcing that the PolyNetwork had been attacked on several major blockchains, and asking for help from crypto big players to flag and blacklist any tokens or coins coming from hackers' wallets
The hackers managed to acquire a whopping $611 million US dollars which were itemized into roughly $273 million from Ethereum, $85 million in USD Coin (USDC), and $253 million from the Binance Smart Chain
In the aftermath of the breach, several crypto companies and exchanges announced that they would lend a helping hand and provide assistance however they could. This includes OKEx, Binance, and others...
Tether went far further to announce that they froze $33 million dollars of the stolen funds. While it's impressive to have the ability to block a thief's money, It also reveals how much power these centralized stablecoin issuers have over their tokens... Not a good sign in the world of decentralization, yet, this is another topic for another time...
It was clear the Poly network had succeeded in creating a case sympathy within the crypto community, wherein almost all crypto participants from corporates to individuals came together to help
There were also big security entities stepping in headed by SlowMist (an organization focused on Blockchain Ecosystem Security) which indicated that they managed to capture the hackers’ IP addresses, emails, and other identifiers that could allow legal authorities to locate and maybe arrest the hackers.
And in a strange yet interesting attempt to recover the stolen funds, Poly network sent a message to the hacker, begging to give the money back with some "polite threats" of prosecution...
However, an absolutely unexpected surprise happened when the hacker replied to the message to say YES!
Polly Network handled this "diplomatically", dubbing the hackers as "Mr.White Hat", and they even offered them a reward of half a million dollars.
What's more impressive is that the hackers(or Mr.White Hat) conducted an entire AMA by embedding messages on the Ethereum blockchain to explain their motivations.
According to the AMA, Mr.White Hat hacked the Poly Network "for fun" and they had initially planned to return the funds. It was just a practical lesson to teach the crypto community the importance of security in the DeFi space.
On August 12, Poly Network mentioned that Mr. White Hat has truly delivered on his promise to give the money back, which put a happy ending to the biggest hack in the young history of decentralized finance.
And just yesterday, there was a tweet on the Poly network account stating that not only will they spare the hacker any legal responsibilities, but also invite him/her to be their Chief Security Advisor!
White Hat or Black Hat?
You may notice that it was like a fictional story. A hacker stole more than $600 million dollars just for "the good of the community" and then decided to return them? Too good to be true, right?
Well, there was a mountain of hidden details behind the scenes...
While it is impossible to determine the real motivations of the hackers, we can at least get a sense if we look at their blockchain activities which obviously suggest the reverse of their claims
For example, after breaching the network, they did their best to deposit some of the stolen funds into Tornado Cash which is a protocol that breaks the on-chain link between source and destination addresses in order to enhance privacy. There were also efforts to obfuscate stolen funds by swapping them with other assets. However, all of that hasn't really work thanks to the "international blacklisting" of their address by the crypto community.
On top of that, I hardly believe that one needs to steal $600 million dollars just to prove a case...
According to many, there were no "white hats" here and the hackers' decision to return the stolen funds was just because they had realized that there was no getting away with that amount of money thanks to the transparency of blockchain and the cooperation of the crypto community
We shouldn't also forget SlowMist stating that their security team had acquired the IP addresses of the hackers which, if true, is enough to identify them...
Despite all that, Poly Network insists on calling the hackers "Mr. White Hat" and it seems like they have managed to get some praise from those who still believe in their good faith...
A lesson to learn...
It's not the first time that a Defi project faces a serious attack perpetrated by professional hackers. I think we all remember the "flash loan attacks" that took place last year and caused multiple Defi cryptos to fall by the wayside and if there was anything to learn from this last incident is that despite how attractive the DeFi space seems to be, it is still rife with security flaws that may destroy it at any time if they haven't been fixed in due course.
I would also point out the overwhelming power that Tether issuers have over their token. While it's great to freeze a hacker's stolen funds, I still can't shake the feeling that such a power could be used against regular people too. Just imagine what could happen if Tether didn't like how we use our money for whatever reason. It might be just speculation of me now, but we all here brag about decentralization, right?
At the end of the day, as long as we're in crypto, we're solely responsible for protecting the money we've worked so hard to get...
Publish0x
PS, Unless otherwise stated, all images in this post are either my own design or from free photo-sharing sites (e.g. pixabay.com)
Congratulations! This post has been upvoted by the @blurtcurator communal account,
You can request a vote every 12 hours from the #getupvote channel in the official Blurt Discord.Don't wait to join ,lots of good stuff happening there.