Largest crypto hack ever? Over $600 million in crypto stolen

DeFi platform Poly Network has been hacked, with the hackers making off with a pretty sweet payday of $600 million in crypto.


Uh, well this isn't good at all -- decentralized finance (DeFi) project Poly Network was hacked, with over $600 million in cryptocurrency stolen by hackers.

Poly Network was hacked and had $600 million taken across the blockchains where it operates: Binance Smart Chain (BSC), Ethereum (ETH), and Polygon. Poly Network explained: "We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses".

The team at Poly tweeted out that the $600 million in assets were sent to two addresses, including them in the tweet above. But that's where things get interesting...

Sushiswap's self-proclaimed "Super-Coder" Mudit Gupta called Poly Network out, saying that Poly Network "hasn't even verified their contracts on Ethereum so it's tedious to analyze". In a series of tweets, Gupta explained: "This was not a DeFi or smart contract hack but a traditional key compromise combined with irresponsible design decisions taken by Poly Network".

"The smart contract (https://github.com/polynetwork/fisco-contract/blob/70428651b94e34d9ca25d2dffb712682a0dec8e4/contracts/core/cross_chain_manager/data/EthCrossChainData.sol) requires a majority of keepers to sign an action for it to execute. Basically, it's a multisig. That's all cool but I think we can all agree that a multisig should have more than 1 signer. Guess how many keepers Poly Network used?"

Gupta added: "It seems like they used a single keeper. That keeper had control over all of the funds. The hacker probably got hold of that keeper's key via traditional hacks. It's also possible that someone within the team colluded with the attacker. This needs a thorough investigation".

He continued, tweeting: "Anyway, the hacker used the Keeper's key to sign instructions that ordered the smart contract to transfer all funds to the hacker. The smart contract verified the signature and since only one signature was required, it processed the request".
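The keeper check described in the tweets above can be modelled in a few lines. This is an added example, not Poly Network's contract code: it assumes a strict-majority rule, uses HMAC as a stand-in for on-chain signatures, and the keeper names, keys, action string and `min_keepers` floor are hypothetical.

```python
import hashlib
import hmac

def sign(key: bytes, msg: bytes) -> bytes:
    """Stand-in keeper signature: HMAC-SHA256, not the chain's real scheme."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def required_signatures(keeper_count: int) -> int:
    """Strict majority of the keeper set (assumed rule for this sketch)."""
    return keeper_count // 2 + 1

def verify_action(keepers, msg, sigs, min_keepers=1):
    """True if a majority of distinct registered keepers signed msg.

    keepers: name -> key, sigs: name -> signature. min_keepers is a
    hypothetical floor that refuses to operate with too few keepers.
    """
    if len(keepers) < min_keepers:
        return False
    valid = {
        name for name, sig in sigs.items()
        if name in keepers and hmac.compare_digest(sig, sign(keepers[name], msg))
    }
    return len(valid) >= required_signatures(len(keepers))

# Constructed sample data: keeper names, keys and the action are made up.
ACTION = b"transfer funds to 0xCONSTRUCTED"
SINGLE = {"keeper-1": b"k1-secret"}
QUORUM = {f"keeper-{i}": f"k{i}-secret".encode() for i in range(1, 5)}

def one_compromised_key() -> dict:
    """What a signature from keeper-1's key alone achieves in each setup."""
    sigs = {"keeper-1": sign(SINGLE["keeper-1"], ACTION)}
    return {
        "single_keeper": verify_action(SINGLE, ACTION, sigs),
        "four_keepers": verify_action(QUORUM, ACTION, sigs),
        "single_keeper_with_floor": verify_action(SINGLE, ACTION, sigs, min_keepers=3),
    }

if __name__ == "__main__":
    for setup, accepted in one_compromised_key().items():
        print(f"{setup}: {'accepted' if accepted else 'rejected'}")
```

With one registered keeper the majority threshold is 1, so the signature check passes exactly as designed; the control that fails is the size of the keeper set, not the verification.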

"This is possibly the largest crypto hack ever. I'd argue that this is not a DeFi hack but a traditional hack of a Crypto Startup. Quite similar to the past hacks of Crypto Exchanges. This needs a thorough investigation by sovereign agencies. Disclaimer: This thread contains my early opinions and thoughts. Do your own research. Since this is not really a DeFi hack, I probably won't dive much deeper into this".

In his final tweet, Gupta tweeted @UnderTheBreach saying "You might wanna look into it". @UnderTheBreach is the co-founder and CTO of Hudson Rock, a cybercrime intelligence firm.

What does Hudson Rock do exactly? Here's a nice easy tweet and link to their website.

News source: news.bitcoin.com

Anthony joined the TweakTown team in 2010 and has since reviewed 100s of graphics cards. Anthony is a long time PC enthusiast with a passion of hate for games built around consoles. FPS gaming since the pre-Quake days, where you were insulted if you used a mouse to aim, he has been addicted to gaming and hardware ever since. Working in IT retail for 10 years gave him great experience with custom-built PCs. His addiction to GPU tech is unwavering, and he has recently taken a keen interest in artificial intelligence (AI) hardware.
