Cryptocurrencies updates
Sign up to myFT Daily Digest to be the first to know about Cryptocurrencies news.
A decentralised financial network has claimed hackers absconded with about $600m worth of cryptocurrencies in one of the largest heists in the rapidly growing digital asset industry.
Poly Network, which links some of the world’s most widely used digital ledgers, said on Tuesday that attackers had exploited a vulnerability in its system and taken thousands of crypto tokens. The attack would be one of the largest to date on a crypto venture, on a par with major breaches including those of exchanges Coincheck and Mt Gox.
The alleged hack marks a blow to supporters of decentralised finance, or DeFi, which has been one of the fastest-growing areas of the cryptocurrency market. It also highlights the lack of consumer and investor protections in a market that has boomed in recent years with only light oversight from financial regulators.
Poly Network has developed a computer protocol, or set of rules, that allows users to transfer tokens tied to one blockchain to a different network. Many of the world’s most widely used blockchains, such as Binance Chain and ethereum, have developed independently and their coins, offered as an incentive to users, are run on separate technologies.
However it means investors cannot easily move their tokens to a different blockchain, to trade them or use them as collateral for another investment.
Proponents are trying to build networks that allow users to buy and sell digital assets directly with each other, bypassing intermediaries that might impose fees, such as an exchange or clearing house. Many projects aim to be fully decentralised.
The alleged hacker exploited a vulnerability in Poly Network’s “contract calls”, a type of test that is not intended to be published on the blockchain, to access the ledgers and transfer money out, the network said.
The tokens were valued at about $600m prior to the news of the alleged hack, consisting of more than $270m on the ethereum blockchain, $250m on the Binance Smart Chain and $84m on the Polygon network, according to wallet addresses published by Poly Network on Twitter.
Etherscan indicated that the hacker had taken altcoins such as Binance Coin and Ether, as well as dozens of smaller tokens, including Shiba Inu, Matic and Uniswap. The dollar value of the stolen coins dropped to $394m as news of it spread and investors sold some cryptocurrencies, knocking the tokens’ prices.
Poly Network called on groups known as “miners” — which process transactions — and centralised crypto exchanges to help block transfers. “We will take legal actions and we urge the hackers to return the assets,” it said.
Weekly newsletter
For the latest news and views on fintech from the FT’s network of correspondents around the world, sign up to our weekly newsletter #fintechFT
Changpeng Zhao, chief executive of Binance, said his company was aware of the incident. He said while “no one controls” Binance’s blockchain, the group was “co-ordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can.”
Paolo Ardoino, chief technical officer at stablecoin company Tether, said that the group had frozen about $33m worth of its tokens, which were on the Poly Network. A substantial proportion was also in USD Coin, operated by payments service company Circle, according to Etherscan. Circle did not immediately respond to a request for comment.
Earlier this month Gary Gensler, chair of the Securities and Exchange Commission, the US markets regulator, called on lawmakers to give watchdogs more powers to protect investors from illicit activity on DeFi platforms.