The biggest theft in DeFi history, in addition to twists and turns, there is also performance art


 309 total views

Rethinking a question again: Is the code rule first or the legal rule first?

Original title: “The largest DeFi theft in history, full of bizarre and absurdity”
Written by: Deep Tide

Poly Network’s total of $610 million in cryptocurrency was stolen, making it the largest DeFi hacking in the history of crypto. This attack was foggy, full of weirdness and absurdity, and mixed with performance art.

How to steal?

On the evening of August 10, the cross-chain interoperability protocol Poly Network made a sudden announcement, claiming that the three chains of Ethereum, BSC, and Polygon had stolen 250 million, 270 million, and 85 million U.S. dollars of encrypted assets, respectively, and the total loss was as high as 610 million US dollars.

Regarding the reasons for the theft, there are two main types of claims.

The security company BlockSec released an analysis report stating that the cause of the attack may be that the private key used for cross-chain signature was leaked or the signature program had logic loopholes that led to the signing of the attack transaction.

Immediately, the security company SlowMist released an analysis and believed that the attacker used carefully constructed data to modify the address specified by the attacker in the keeper in the Ethereum cross-chain contract. It was not an online transmission that caused this incident due to the leak of the keeper’s private key. happen.

According to the analysis of the blockchain data platform Breadcrumbs, the analysis is more inclined to agree with the slow fog analysis.

Poly Network has a series of smart contracts that control the management of funds stored on the network. On Ethereum, the three Poly Network contracts involved in the management are:

Ethereum cross-chain manager


Ethereum asset proxy


Ethereum cross-chain data


The important variables stored in the Ethereum cross-chain data contract determine which address is the “consensus bookkeeper” who has the ability to withdraw funds from the Ethereum asset proxy contract that holds all Polynetwork assets.

The hacker calls the Ethereum cross-chain manager with specific data and sets the variable of the bookkeeper to the hacker’s own address. The change of this variable is performed in the following Ethereum transaction:


After they set their address as Ethereum’s bookkeeper, they withdrew 10 different assets from the Ethereum asset proxy address to their own address.

Since then, they have repeated this same process on Binance Smart Chain and Polygon Network.

The stolen assets are currently mainly concentrated on the Ethereum and Binance smart chains, and the asset type is mainly USDC.

The biggest theft in DeFi history, in addition to the twists and turns, there is also performance art

Chinese committing crimes?

Will such a large-scale hacking attack be caused by the internal team or related personnel?

Mudit Gupta, a security researcher at Sushi, said that the hacker may have obtained the key through some means, or it may be that the hacker colluded with the team insiders to complete the attack, which requires a more thorough investigation.

By tracking the address of the attacker, an exchange emerged- Tiger Symbol.

With the technical support of Hoo Tiger Symbol and many exchanges, SlowMist discovered that the hacker’s initial source of funds was Monero (XMR), and then changed it to BNB, ETH, MATIC and other currencies in the exchange, and withdrew them to 3 addresses, attacked on 3 chains soon.

In other words, the hacker first recharges Monero coins to a KYC Tiger Talisman account, and then changes Monero to BNB, ETH, and MATIC for the gas fee for the attack.

After the attack, Hufu also issued a statement on the theft of PolyNetwork as soon as possible:

1. Hufu provides relevant information to well-known security companies in the industry for tracking;

2. Hufu immediately closed the corresponding token deposit and withdrawal, prohibiting all stolen funds from flowing into the exchange;

3. Hufu will pay close attention to the development of the incident, safeguard the justice of the industry, and crack down on hackers.

The SlowMist security team stated that it has discovered the mailbox, IP, and device fingerprints of the Poly Network attacker through on-chain and off-chain information tracking, and believes that this is likely to be a long-planned, organized and prepared attack.

As a result, the suspicion of Chinese people committing crimes and acquaintances committing crimes has become more popular in the community.

Performance Art

In the theft, there is a very ironic episode.

An address named hanashiro.eth sends a message to the hacker’s address, telling its USDT to be frozen and not to use USDT.

The biggest theft in DeFi history, in addition to the twists and turns, there is also performance art

Perhaps to express thanks, the hacker transferred 13.37ETH to this address.

Since then, a group of opportunists have heard the news and sent on-chain messages to hacker addresses, hoping to get rewards.

Some people directly recognize their fathers, some want to apprenticeships, and some cried about their miserable experiences in currency speculation…

The biggest theft in DeFi history, in addition to the twists and turns, there is also performance art

However, everyone ignored the hanashiro.eth that received 13.37ETH. Why is it 13.37ETH?

Leet, spelled as 1337, is also known as hacker language, a writing method that originated from BBS, online games and hacker communities in Western countries. It seems to convey the meaning here: I am a powerful hacker.

After receiving ETH, hanashiro.eth has exchanged transactions with Binance for many times. Perhaps because of fear of being held accountable, hanashiro donated all the ETH received to Binance Charity, Infura, Rekt,, a single transaction 1.339ETH, and left literary and artistic verses or lyrics on the chain, performing a large-scale performance art.

The biggest theft in DeFi history, in addition to the twists and turns, there is also performance art

Recipient: Binance Charity


We are the world

We are children

We are the ones who create a brighter day, so let us start giving.

We are making a choice

We are saving our own lives

It is true that we will create a better day, only you and me.

Receiver: Etherscan


Oh give them your heart

Let them know that someone cares about them

Their lives will become stronger and free

Just as God made the stone turn into bread for us to see

So we all have to lend a helping hand

Recipient: Infura


When you are down, there seems to be no hope

But if you believe it, we can’t fall

Okay, okay, okay, let us realize

Oh, only when we are united can we change

When we are united, right, right, right

Receiver: Rekt


The biggest theft in DeFi history, in addition to the twists and turns, there is also performance art A japanese song

The biggest theft in DeFi history, in addition to the twists and turns, there is also performance art A japanese song



We can’t go on anymore

Pretend every day

Someone, somewhere will change soon

We are all members of the family of God

The truth is, you know, love is all we need

Recipient: myself


I am just a passing encryption enthusiast, checked the hacker’s tether/circle blacklist status, and sent the message.

Who is guilty?

Perhaps this is the richest moment in a hacker’s life. He sends two messages on the chain:

“If I transfer some more “junk coins”, this is the $1 billion event! Didn’t I save the project? I’m not interested in money, and now I’m thinking about returning some of the tokens or just not moving them. NS.”

“What if I issue new tokens and the DAO decides where these tokens go?”

There is a trace of fear in the hacker’s arrogance. The attacked project side, on the one hand, showed a tough look. PolyNetwork issued an open letter, writing:

We hope to establish contact with you and hope that you can return the stolen assets.

The amount of assets you stolen is the largest in the history of DeFi. The laws of any country will treat it as an important economic crime, and you will be hunted down.

It is not wise for you to make any transactions. These assets are the property of thousands of community members. You should talk to us for a solution.

The biggest theft in DeFi history, in addition to the twists and turns, there is also performance art

However, from the beginning of using “Dear”, perhaps PolyNetwork has already lost.

When we meet on a narrow road, now comes the moment of the game. Psychological confrontation, technical tracking and anti-tracking, see who will die in the end?

In the end, all the pain will be borne by the owner of the stolen assets.

It is reported that the victims of this theft are mainly high-net-worth individuals in the Shanghai area, and even some industry leaders have lost hundreds of millions of dollars.

“You work hard to make a small amount of money, and once it is stolen, it will return to zero.” Never ignore every potential black swan.

Finally, there is a very ironic statement:

Before the theft: Code is the law. DeFi does not need government, police, courts or laws, fuck the government!

After being stolen: Hi,…Police? We have been hacked, all our money has been stolen, please help.

The biggest theft in DeFi history, in addition to the twists and turns, there is also performance art

Code rules first or legal rules first? Should DeFi be regulated? Should Tether freeze assets? Where is the boundary of decentralization?

Perhaps it is worth pondering.

Adblock test (Why?)

Disclaimer: does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor can this article be considered as investment advice or recommendations. Every investment and trading move involves risk, you should conduct your own research when making a decision.