193
This article is after my previous Crypto Hacking, and this article is very long! Just a warning.
This legendary hacking journey starts with a little-known Poly Network.
Nobody knows what Poly Network is until the hacking incident that is the biggest in hacking history.
What is Poly Network?
It is a platform to connect all and provide cross-chain services.
Similar to crypto exchange platforms where you can find all cryptocurrencies, the Poly Network provides one place for all solutions for blockchain to interconnect so that crypto can move one chain to another without going through a conversion process (crypto exchange platform).
Poly Network is a Layer 3 solution that using Dapp and builds a bridge on the top of each blockchain so that every crypto can transfer to each blockchain seamlessly.
From its white paper, it functions just like Defi without tokens to facilitate the transaction.
Where does the Poly Network come from?
It is a project that NEO founded in 2020 to explore an interoperability protocol that connects each blockchain to provide services.
The benefit of using the Poly Network
There are no benefits of using the Poly Network and concentration of cross-chain assets prone to security breaches.
Yeah, you hear it. No benefit at all because it is a middleman to provide a mix of services that may be violated in the future if assets got mixed up or laundry-like activities.
Even though the white paper claimed so many advantages, none of the benefits to distinguish between trade in the crypto exchange and cross-chain platform.
Well, it is good to have one.
The Mr. White Hat
Just two months when Poly Network announced its assets accumulation hit s $700 million, it got hacked and made one of the most losses in the history of a total of $600 million losses with different cross cryptocurrencies.
Poly Network, not to mention it is a Chinese-backed Defi project that pools with lots of Chinese investors.
However, it doesn’t make the technology less competitive than other nations, and it is created equally.
Then Mr. White Hat, the hacker, just broke the code and took the money out for “fun.”
Defi communities were shocked
Everyone was scratching their heads and wondering how hacking happened?!
Vulnerability of middleman services
I mentioned that hacking always happened when someone else handled your funds but not from your wallet.
The key factor distinguishing between your wallet to send funds to others is that you give up the execution function when service providers acting as your agent do so.
In contrast, when you send funds from your wallet, you will likely verify which party will accept your funds.
In crypto exchange or alike, you hand off your execution right to the middleman that serves you.
Decentralized asset runs on the top of centralized Defi services.
Reddit users point out the code deficiency
u/publius-varus pointed out that there was a code deficiency that makes Poly Network vulnerable to hackers.
u/CPlusPlusDeveloper then clarify that Poly Network makes signed transaction from chain A to chain B simply copy and paste without validation process.
You can bypass the critical validation process by overwriting authority on the top of the administration — a pretty standard hack method in the Windows operating system or any program that had administration over-right codes.
This is one possible hack.
Mismanage the access right of Poly smart contract
Similarly, the second possible hack method is to exploit the smart contract.
Again, by exploiting the privily access right of the intelligent contract without validation process, one can modify the code to overwrite the privilege.
First, overwrite EthCrossChainData to decide which user receives the fund.
Second, execute the transaction through EthCrossChainManager to trigger the transaction without even compromise the private key.
Missing core security cryptographic step
The key of cryptocurrency is unhackable because of its private critical validation process. Unfortunately, Defi and any Dapp built on top of the blockchain did not have such a mechanism.
This essential step slows down the network process, and by finding a scalability solution, a developer may have to make a trade-off.
However, security may not be traded off as the result of massive hacking.
The rest of the story becomes legendary
Mr. White Hat did not intend to own the funds but return within 24 hours just for fun.
Here are the complete stories of Q&A:
As Mr. White Hat explains his hack on Part 8 about Cross Chain Manager Proxy that can easily bypass.
Offering a job to a hacker
Therefore, Mr. White Hat got a job offer of $500,000 bounty and the title of Chief Security Officer.
In conclusion
This article demonstrates a fraction of Defi’s security concerns and how future hackers may continue to attack Defi or any crypto projects to exploit funds.
We may not be fortunate to have another Mr. White Hat return total funds without authorities to enforce the legal processes.
Photo by Max Bender on UnsplashRelated articles:
Stablecoin is Not So Stable
CBDC: Stablecoin 2.0 or Stablecoin Killer
Chinese CBDC: the Ultimate Financial Weapon or Just another Copycat
DeFi Swap: Great Returns come with Great Cost
CBDC vs Cryptocurrency: the War of Privacy
Game of Three Kingdoms: CBDC vs. Cryptocurrency vs. TechCoin
Gold vs. Bitcoin: Digital Twin or Enemy
Volatility of Bitcoin: Threat or Opportunity
Lesson Learn from Robinhood IPO: Era of Crypto Exchange Comes to an End or a New Beginning?
Hypothetically, What if the Fed Fails to Control Inflation, Will Crypto Save Us?!
Stablecoin: We Ever Need Them More Than CBDCs
SEC vs. Ripple: the Endless Game of War
SEC vs. Defi: What is the goal of the Defi?
City Coins: Are they the Era of New Coins?
Ethereum London Hardfork: How Hard does It Actually Fork?
Did the U.S. government just thumbs up on Bitcoin and down on Ethereum after the London Hardfork?
The End of Era for Crypto Exchange Platform?!
NFT: Digital Solution or Delusion?
NFT: The Future of Gamers' Assets
Is Bitcoin Untraceable Anymore?! It Depends!
Why Crypto Got So Political Suddenly: The Beginning Tale of Government Crypto Surveillance Program
Where are We Position Crypto at : the Problem with Money and Wealth
Crypto Hacking: How Did it Really Happen?
Bitcoin Mining Recover?! The Chinese vs. The U.S Strategy of Blockchain
The Legendary of Shitcoin: Meme to the ?? or Unique of ?? or Simply just ??
Crypto Economy: the Untold Speculative Financial System We will Live?
Red Alert: Lesson Learns from the Nearly Cashless Nation
Jack Dorsey’s Ambitious: Twitter wants to Become a Place of Freedom of Speech
What Categories Does Bitcoin Belong to or Does it Really Matter?
Quantum Financial System: The System Lost Itself in Quantum World
-------------------------------------------------------------------------------------Disclosure: I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it. I have no business relationship with any company whose cryptocurrencies are mentioned in this article. This information is only for educational
