PolyNetwork Breach: Incident Analysis – FIN 545

With the advent of blockchain, cryptocurrencies have emerged as a great alternative to transactions in traditional fiat currencies, and therefore as a potentially powerful democratizing force that can increase inclusion and allow fast transactions without any intermediary involved. Despite the advancements in this domain and its associated use cases, the technology is still at a nascent stage of development, with substantial scope to improve the security and integrity that the platform provides.

This case deals specifically with the recent breach of PolyNetwork, which resulted in a loss roughly equivalent to $610 million in the form of crypto tokens of Ether, Binance-coin and USDC, which were then exfiltrated to external wallet addresses. According to the blockchain security firm SlowMist and security researcher Kelvin Fichter, “the hack was made possible by a mismanagement of the access rights between two important Poly smart contracts. The first one is ‘EthCrossChainManager’ and the second one is ‘EthCrossChainData’”.

In a statement on Twitter, SlowMist relayed its initial findings in the wake of the attack, claiming: “Our security team has grasped the attacker's mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker.” In the same thread, the firm claimed that the hacker’s initial source of funds was Monero, which was later exchanged for other tokens that were used to fund the attack. SlowMist also specifically pointed out that, from the nature of the attack that was carried out, combined with the data on the flow of funds and multiple pieces of fingerprint information, it was evident that this was a carefully planned, organised and prepared attack. This was arguably the biggest attack in DeFi history.

Given the series of events that unfolded since the breach, it's quite important to note that there was a technical flaw in securing the very privileged cross-chain smart contract, which was successfully exploited by