
Cyber Incident Victim: Poly Network

Date: Aug 2021

Location: China

Summary

A decentralized cross-chain protocol suffered a major security breach resulting in over $611 million stolen across Ethereum, Binance Smart Chain, and Polygon networks, marking one of the largest decentralized finance thefts. The attacker transferred $273 million in Ethereum tokens, $253 million from Binance Smart Chain, and $85 million in Polygon-based USDC, with Tether subsequently blacklisting $33 million of stolen USDT. The organization publicly urged crypto exchanges and miners to block transactions from the attacker’s wallets, threatened legal action, and later confirmed partial recovery of approximately $4.7 million in assets. Operational disruptions occurred, including third-party services suspending cross-chain functionality due to the incident, while unrelated parties sent transactional messages to the attacker’s addresses ranging from laundering advice to requests for funds.


Description

On August 10, 2021, Poly Network, a decentralized cross-chain protocol created through a collaboration involving Neo, Ontology, and Switcheo, announced a major security breach resulting in the theft of cryptocurrency assets valued at approximately $611 million. Attackers exploited vulnerabilities to transfer funds from the Binance Chain, Ethereum, and Polygon networks to three externally controlled wallets: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 (Ethereum), 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71 (Binance Smart Chain), and 0x5dc3603C9D42Ff184153a8a9094a73d461663214 (Polygon). The stolen assets comprised $273 million in Ethereum tokens, $253 million from Binance Smart Chain, and $85 million in USDC from Polygon. Blockchain analytics firm SlowMist reported the attacker initially transacted in Monero (XMR) before converting funds into BNB, ETH, MATIC, and other tokens to execute the attack. Poly Network publicly urged miners and cryptocurrency exchanges, including Tether and Circle, to blacklist transactions originating from the identified addresses. Tether complied by freezing $33 million in USDT on the Ethereum network.

The incident disrupted dependent services, including the O3 trading pool, which suspended its cross-chain functionality. Poly Network stated its intent to pursue legal action while appealing to the attacker to return the stolen assets. Binance CEO Changpeng Zhao acknowledged coordination with security partners but emphasized that there were no guarantees of recovery. Unrelated parties sent transactions to the attacker’s wallets carrying messages that included money laundering advice and requests for free cryptocurrency; one user received 13.37 ETH (worth $41,474.41) after warning the hacker about Tether’s blacklisted USDT. By August 11, Poly Network confirmed the return of $4.77 million in assets, representing a small fraction of the total stolen amount. The breach was widely characterized as the largest decentralized finance (DeFi) hack recorded at the time, with ongoing investigations into its full technical and operational implications.
