Why have most of us never heard of a protocol that has $600M TVL until it gets hacked? What is this space?!
40 minutes apart...
0x3a09c98f99edd9601ed017ff269652fd80c7e9aedcea57126990031128851043
0x552bc0322d78c5648c5efa21d2daa2d0f14901ad4b15531f1ab5bbe5674de34f
~6 hours later, Poly team "reach out" to the hacker
Hacker now asks if they should rely on community vote on where to direct stolen funds
0x4c102e972301b999318df70e3d3a067994dcc83951f07f7f37c45ff7e922beec
I found 2 keys belonging to PolyNetwork... 👀
(I need to verify they are prod keys, both armored, but interesting anyway)
Very good thread on the exploit 👇
Hacker: "READY TO RETURN THE FUND!"
0x7b6009ea08c868d7c5c336bf1bc30c33b87a0eedd59dac8c26e6a8551b20b68a
Hacker: "FAILED TO CONTACT THE POLY. I NEED A SECURED MULTISIG WALLET FROM YOU"
0x79245fb1d1ae48a214118e25d6ad2f9324f514ec6708135a19ba9d4cfa6344f6
Looks like intentions are to return everything?
Hacker: "IT'S ALREADY A LEGEND TO WIN SO MUCH FORTUNE. IT WILL BE AN ETERNAL LEGEND TO SAVE THE WORLD. I MADE THE DECISION, NO MORE DAO"
0xd239b01026c49b234d075e3d23a07efd1c3234239cfb440c0f90d5e84836fbe2
Hacker: "ACCEPT DONATIONS TO "THE HIDDEN SIGNER" NOW. ENCRYPT YOUR MSG WITH HIS PUBKEY."
0x160231043b80c7824f658b3621163ebcc537ff29ad1dfb3572e658ebf0ddc2fd
616k $FEI moved - 0xd3327a266add4ec655ef5fe00fd042bdcdf1b886c26af3b5dd21b2e4ec9bde49
259,737,345,149 $SHIBA moved - 0x4d0c93ca9746d1c8a80c0ecf58bd5bba66654fefae3df320b4d138405d0cbc0e
Hacker: "DONATE TO 0xA87fB85A93Ca072Cd4e5F0D4f178Bc831Df8a00B IF YOU SUPPORT MY DECISION
ENCRYPT YOUR MSG WITH HIS PUBKEY IF YOU WANT TO TALK"
0x87715ad26621431c2c27f44d9214798e0c81a97d938ba5d4580dcd72f07ec6a8
Asks for community donations, and for Poly to encrypt their comms
Hacker: "DUMPING SHITCOINS FIRST!
HOW ABOUT UNLOCKING MY USDT AFTER RETURNING ENOUGH USDC?"
They ask for USDT to be whitelisted if they return more $USDC... interesting proposal - $33M USDT
0xa7cd9cb0211942998602e22ad6f7fd7d9c1eef9515f4e4154a76237d5fd71aa3
Hacker is giving encrypt data to Poly
0x64eb495eba8b2000181498910748614dbd2c4bd7d6997af20cdb92c2518b2bce
Comms seems to be encrypted now - likely in (or soon to be) a communication channel with Poly for the entire network to watch
0x69534e330c5f8529759272b86e90bbacf7a5c4082683064c471e5539eacf53ba
I missed these but Poly seem to be in direct comms with the hacker onchain
They have received $1M+ on Polygon - unsure if verified to be Poly
0x59451c04dd5809958100c20a1263b7c1c6fc5080b38163b5117557418a473c47
0xf25ad2da525da68e7e254ecb5d780ae2c64f4df442baa14832fcbdff65dfb193
So far, using the addresses identified by Poly in tx278 (linked above)
0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f (ETH) - $2.6M received
0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc (BSC) - $1.1M received
0xA4b291Ed1220310d3120f515B5B7AccaecD66F17 (POLY) - $1M received
Poly connected to the hacker via email (it seems) and is offering a bounty to the hacker (after funds returned)
0xf6488e1efacd9c280eb91133d04ba357beca8016df8b0b0524b9a2e207b2ad7f
0x6b174ace1a83530bd2f33f07b213536699418b533cf2d3685556cf126e7061d8
The hacker just returned $120M to Poly on BSC
bscscan.com/tx/0xec9507edd…
Hacker: "JUST DUMPED ALL ASSETS ON BSC & POLYGON.
HACKING FOR GOOD, I DID SAVE THE PROJECT"
0x3de5a4eb6c1953ce2d0422bc5d0d16b2d9e54316cf0784bb793b3c67f09387b7
I'm not monitoring BSC too closely, but they also returned $86M prior to this... so $200M+ returned on BSC to Poly
0x6e2317a437e7804b211ab03a11d61bf68d4fd3b87a5d0deb76d87febddca262b
More encrypted comms going out to Poly... perhaps another big move by the hacker to arrange returning more funds?
0x4d6490b47a82e548236b4448713a973d833e439ad9fff76513d38ad2f7cb4fa5
$673k/14 BTC (renBTC) on the move!
0xd916036ed3f4fd356e32faf7a0849834e54d7555383c372058226cb32705916b
Hacker hacked "FOR FUN :)" and "CROSS CHAIN HACKING IS HOT"
0x1fb7d1054df46c9734be76ccc14fa871b6729e33b98f9a3429670d27ec692bc0
Q&A part 2 just published!
0xd4ee4807c07702a3202f45666983855d7fa22eb1c230e4c1e840fc9389e54729
Hacker claims they were "PISSED BY THE POLY TEAM FOR THEIR INITIAL REPONSE" which caused them to trade some of the stablecoins
Claims they planned to earn off the interest earned until they could negotiate with Poly
"I WAS PLANNING [...] TO TAKE OVER THE FOUR NETWORK"
Q&A Part 3 just dropped
0xe954bed9abc08c20b8e4241c5a9e69ed212759152dd588bb976b47eca353a5bc
Hacker claims they tipped hanashiro.eth 13ETH because they thought it was their own local script problem, not a contract-level logic check problem
Tornado cashout was a "BAD JOKE"
Hacked $600M and still sticking to "I AM _NOT_ VERY INTERESTED IN MONEY"
Plans to give all back
Side note: hanashiro.eth received the (stolen) 13ETH and "spent" it, but seems to be KYC'd with FTX - depositing $450k USDC
I wonder if hanashiro.eth will also return the 13.37ETH to Poly
etherscan.io/tx/0xd62dbc8e9…
Hacker is now outing scammer email addresses
0xe926ef4b6f4e3ff1b680df02a6a2456cd9b415d25f051bb894ea3e24cfa864f0
Hacker: "DISCLAIMER: I HAVE NEVER ASKED FOR BOUNTY FROM POLY NETWORK
WHAT I HAVE SAID IS ON THE CHAINS"
0xa5371eda3e56a614cdecc2b875f4236c7651e8ab3822f798b108e14b2659aaaa
Q&A part four just published!
0xde330cbd5484e9ce808c60d3a76739f224eb8390b6b891a8e4d29dbdaeab826d
Hacker says "I WOULD ADMIT THAT THE POLY HACK IS NOT AS FANCY AS YOU IMAGINE [...] I WOULD SAY FIGUING OUT THE BLIND SPOT IN THE ARCHTECTURE OF POLY NETWORK WOULD BE ONE OF THE BEST MOMENTS IN MY LIFE"
"BEING THE MORAL LEADER WOULD BE THE COOLEST HACK I COULD EVER ARCHIVE!"
Hacker: "THE _POLYGON_ NETWORK IS SO UNRELIABLE
FOR MANY TIMES I THOUGHT I HAD SENT THE TRANSACTION BUT IT VANISHED. LOL"
Hacker is having some difficulties with Polygon L2 @0xPolygon
0xd2750ac3aad70c0a73fd4cd5aa854770f3253026526ab3cdc88fd561b8ccd5a0
Hacker has now returned $83M to Poly on Polygon network
0xc32f8501c62a69218b4cdaae93cffcf7b214f331942af9ecca7c35be49e796b6
Brings the total to sent back to $344M across 3 networks
Hacker: "[...] DON'T WORRY, YOU ARE NOT REAL VICTIMES. I SAVED YOU!"
0x078063e9574e1937a64b6552919b9fc0035429df1e601d79e200bf211e75f337
Hacker has now returned an additional $1.2M
0x09fe1ec4a9ad2c159362e7ec23b0410de34d71db5f314c4b04247c48d812fcbf
Hacker is getting tired of the people asking for money saying "HELLO BEGGARS, WHY NOT ASKING MONEY FROM THE POLY MULTISIG WALLET? 0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f"
81 comments, 1.4k txs asking for $
0x05ddbcc01736dfe478526b33837f54ccf4f0e1e8abf06276d0a3fb18b8751ea9
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.