Explained | Here's how hackers stole $613 million in cryptocurrency from Poly Network

What is a poly network and how is it related to cryptocurrency?

Recently, hackers managed to crack into Poly Network and make off with cryptocurrency worth $613 million. This was the biggest crypto heist recorded to date. And how did the hackers do this? Let's find out.

Who is Poly Network? 

Poly Network is a DeFi (Decentralised Finance) platform that allows users to swap tokens across various blockchains using peer-to-peer networking.

A Decentralised Finance system facilitates this by not relying on intermediaries or middlemen. They allow people to lend, exchange and borrow funds, trade digital currencies, speculate on the market and earn interest.

The system invalidates intermediaries through the use of Smart Contacts, which is a transaction protocol designed and programmed to execute legal events at the time of a transaction. This code governs things such loans, repayments and liquidation.

As of January 2021, approximately $20.5 billion worth of cryptocurrency was invested in DeFi platforms around the world.

How did the hackers get in? 

Poly Network uses smart contacts to distribute tokens between blockchains that has been coded with instructions on how the transfer should take place.

Ethereum programmer Kelvin Fichter put forth a detailed analysis on Twitter. The flaw according to Fichter sits in a code in a Smart Contract that Poly Network uses called "EthCrossChainManager". The hackers managed to modify a list of public keys that is used to authenticate data from transfers.

They then spoofed the Smart Contract to divert the currencies from twelve different cryptocurrency chains and diverted them to three wallets, which was then traced and published by Poly Network.

What happens now? 

The hackers have since returned more than half of the amount they stole, approximately $342 million. This happened after Poly Network published an appeal on twitter urging them to establish communication and "work out a solution" amicably.

They have since gone on record to say that they did this for fun and wanted to point out the vulnerability before it became a major risk. Poly Network is currently in negotiations to get the rest of the sum back.