Rethinking an old question: does code rule first, or does the law?
Original title: "The largest DeFi theft in history, full of the bizarre and the absurd"
Written by: Deep Tide
Poly Network lost a total of $610 million in cryptocurrency, making this the largest DeFi hack in the history of crypto. The attack was murky, full of strangeness and absurdity, and mixed with a dose of performance art.
How to steal?
On the evening of August 10, the cross-chain interoperability protocol Poly Network suddenly announced that crypto assets worth roughly $250 million, $270 million and $85 million had been stolen from its Ethereum, BSC and Polygon deployments respectively, for a total loss of as much as $610 million.
There are two main explanations of how the theft happened.
The security firm BlockSec published an analysis suggesting that either the private key used for cross-chain signing had been leaked, or the signing program contained a logic flaw that caused it to sign the attacker's transaction.
Shortly afterwards, the security firm SlowMist published its own analysis, concluding that the attacker used carefully constructed data to change the keeper address stored in the Ethereum cross-chain contract to an address the attacker controls. In SlowMist's view, the incident was not caused by a leaked keeper private key, as had been rumoured online.
The blockchain data platform Breadcrumbs' analysis leans towards SlowMist's explanation.
Poly Network has a series of smart contracts that manage the funds held on the network. On Ethereum, the three Poly Network contracts involved are:
Ethereum cross-chain manager: 0x838bf9e95cb12dd76a54c9f9d2e3082eaf928270
Ethereum asset proxy: 0x250e76987d838a75310c34bf422ea9f1AC4Cc906
Ethereum cross-chain data: 0xcf2afe102057ba5c16f899271045a0a37fcb10f2
The key variable stored in the Ethereum cross-chain data contract determines which address is the "consensus bookkeeper" (keeper), the address with the authority to withdraw funds from the Ethereum asset proxy contract, which holds all of Poly Network's assets.
The attacker called the Ethereum cross-chain manager with specially crafted data and set the bookkeeper variable to an address of their own. The change was made in the following Ethereum transaction:
0xb1f70464bd95b774c6ce60fc706eb5f9e35cb5f06e6cfe7c17dcda46ffd59581
Having made their own address Ethereum's bookkeeper, they withdrew 10 different assets from the Ethereum asset proxy to that address.
They then repeated the same process on Binance Smart Chain and Polygon.
The stolen assets are currently concentrated mainly on Ethereum and Binance Smart Chain, and consist mostly of USDC.
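The mechanism SlowMist describes, a manager that forwards caller-supplied data to a contract which trusts the manager unconditionally, is a classic confused-deputy pattern. The Solidity below is an added illustration written for this page, not Poly Network's contracts: the contract and function names (CrossChainData, setKeeper, executeCrossChainTx, allowedTargets, rotateKeeper) are assumed, the header and proof verification a real bridge performs before executing a payload is omitted, and the owner check stands in for whatever governance a real bridge would use for keeper rotation. It shows the vulnerable forwarding pattern beside a hardened version.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical model (not Poly Network's code) of the privilege structure
// described above: a data contract holding the keeper address, which only the
// manager may change, and a manager that executes "cross-chain" payloads by
// calling a target contract with caller-supplied calldata.
contract CrossChainData {
    address public immutable manager; // the only caller allowed to change the keeper
    address public keeper;            // address allowed to withdraw from the asset proxy

    constructor(address _manager) {
        manager = _manager;
    }

    function setKeeper(address newKeeper) external {
        require(msg.sender == manager, "only manager");
        keeper = newKeeper;
    }
}

// Vulnerable pattern: the manager forwards a caller-chosen target and payload
// without restricting the target. Because CrossChainData trusts any call whose
// msg.sender is the manager, a payload aimed at the data contract itself, e.g.
//   executeCrossChainTx(address(data),
//       abi.encodeWithSelector(CrossChainData.setKeeper.selector, attacker))
// rewrites the keeper to an attacker-controlled address.
contract VulnerableManager {
    function executeCrossChainTx(address target, bytes calldata payload)
        external
        returns (bool ok)
    {
        // A real bridge verifies a block header / Merkle proof before this
        // step; that check is omitted because it is not where the flaw lies.
        (ok, ) = target.call(payload);
    }
}

// Hardened pattern: the generic executor may only reach explicitly registered
// application contracts, never the manager's own privileged contracts, and
// keeper rotation goes through a separate, separately guarded path.
contract HardenedManager {
    address public immutable data;
    address public owner;
    mapping(address => bool) public allowedTargets;

    constructor(address _data) {
        data = _data;
        owner = msg.sender;
    }

    // Register application targets; privileged contracts can never be targets.
    function setTarget(address target, bool allowed) external {
        require(msg.sender == owner, "only owner");
        require(target != data && target != address(this), "privileged target");
        allowedTargets[target] = allowed;
    }

    // Generic payload execution is confined to the allowlist.
    function executeCrossChainTx(address target, bytes calldata payload)
        external
        returns (bool ok)
    {
        require(allowedTargets[target], "target not allowed");
        (ok, ) = target.call(payload);
    }

    // Keeper changes are an explicit, owner-gated operation, not a side effect
    // of forwarding arbitrary calldata.
    function rotateKeeper(address newKeeper) external {
        require(msg.sender == owner, "only owner");
        CrossChainData(data).setKeeper(newKeeper);
    }
}
```

The check that matters is in HardenedManager.setTarget: a contract that authorises callers by "msg.sender == manager" is only as safe as the set of addresses the manager is willing to call on a user's behalf, so the manager must refuse to forward calls to itself or to any contract that trusts it.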
A Chinese perpetrator?
Could such a large-scale attack have been carried out by the team itself or by people connected to it?
Mudit Gupta, a security researcher at Sushi, said that the hacker may have obtained the key by some means, or may have colluded with insiders on the team to carry out the attack, which calls for a more thorough investigation.
Tracing the attacker's addresses led to an exchange: Hoo.
With technical support from Hoo and several other exchanges, SlowMist found that the attacker's initial funds came from Monero (XMR), which was swapped on the exchange for BNB, ETH, MATIC and other coins and withdrawn to three addresses, which then carried out the attacks on the three chains shortly afterwards.
In other words, the attacker first deposited Monero into a KYC-verified Hoo account, then swapped it for BNB, ETH and MATIC to cover the gas fees for the attack.
After the attack, Hoo promptly issued a statement on the Poly Network theft:
1. Hoo has provided relevant information to well-known security firms in the industry to assist with tracking;
2. Hoo immediately closed deposits and withdrawals of the affected tokens, preventing any of the stolen funds from flowing into the exchange;
3. Hoo will follow the incident closely, uphold justice in the industry and crack down on hackers.
The SlowMist security team stated that, through on-chain and off-chain tracking, it has discovered the attacker's email address, IP and device fingerprint, and believes this was most likely a long-planned, organized and well-prepared attack.
As a result, speculation that the perpetrator is Chinese, or someone known to the project, has grown in the community.
Performance Art
The theft had a deeply ironic episode.
An address named hanashiro.eth sent a message to the attacker's address, warning that the USDT had been frozen and advising them not to use it.
Perhaps as a token of thanks, the hacker transferred 13.37 ETH to that address.
Since then, a crowd of opportunists who heard the news have been sending on-chain messages to the hacker's addresses in the hope of a reward.
Some call the hacker "father", some ask to be taken on as apprentices, and some pour out their miserable experiences of trading crypto...
But everyone overlooked hanashiro.eth and its 13.37 ETH. Why 13.37 ETH?
Leet, written as 1337, is also known as hacker speak, a writing style that originated in Western BBSs, online games and hacker communities. The message here seems to be: I am a powerful hacker.
After receiving the ETH, hanashiro.eth transacted with Binance several times. Perhaps fearing being held accountable, hanashiro then donated all of the ETH received to Binance Charity, Etherscan, Infura, Rekt and Archive.org in transactions of 1.339 ETH, leaving verses and lyrics in the on-chain messages, a piece of large-scale performance art.
Recipient: Binance Charity
Message:
We are the world
We are the children
We are the ones who make a brighter day, so let's start giving
There's a choice we're making
We're saving our own lives
It's true we'll make a better day, just you and me
Recipient: Etherscan
Message:
Oh, send them your heart
So they'll know that someone cares
And their lives will be stronger and free
As God has shown us by turning stone to bread
And so we all must lend a helping hand
Recipient: Infura
Message:
When you're down and out, there seems no hope at all
But if you just believe there's no way we can fall
Well, well, well, well, let us realize
Oh, that a change can only come when we stand together as one
Yeah, yeah, yeah
Recipient: Rekt
Message:
(A Japanese song)
Recipient: Archive.org
Message:
We can't go on pretending day by day
That someone, somewhere will soon make a change
We are all a part of God's great big family
And the truth, you know, love is all we need
Recipient: self
Message:
I'm just a passing crypto enthusiast. I checked the hacker's Tether/Circle blacklist status and sent the message.
Who is guilty?
This is perhaps the richest moment of the hacker's life. They sent two on-chain messages:
"If I moved some more junk coins, this would be a billion-dollar event! Didn't I save the project? I'm not interested in money. I'm now considering returning some of the tokens, or just leaving them untouched."
"What if I issue new tokens and let a DAO decide where they go?"
There is a trace of fear behind the hacker's arrogance. The attacked project, for its part, put on a tough face. Poly Network published an open letter that read:
We hope to establish contact with you and hope that you will return the stolen assets.
The amount you stole is the largest in the history of DeFi. The law of any country will treat this as a major economic crime, and you will be pursued.
It is unwise for you to make any further transactions. These assets belong to tens of thousands of community members. You should talk to us to work out a solution.
And yet, from the moment it opened with "Dear", perhaps Poly Network had already lost.
Two sides meet on a narrow road, and now the game begins: a psychological confrontation, technical tracking and anti-tracking. Who will be left standing?
In the end, all the pain is borne by the owners of the stolen assets.
It is reported that the victims of this theft are mainly high-net-worth individuals in the Shanghai area, and that some industry leaders lost hundreds of millions of dollars.
"You work hard to make a little money, and once it is stolen, it all goes back to zero." Never ignore a potential black swan.
Finally, a deeply ironic observation:
Before the theft: Code is law. DeFi doesn't need governments, police, courts or laws, fuck the government!
After the theft: Hi... Police? We've been hacked, all our money has been stolen, please help.
Does code rule first, or does the law? Should DeFi be regulated? Should Tether freeze assets? Where is the boundary of decentralization?
Perhaps these questions are worth pondering.