Major hack on Poly Network steals $300 million US dollars worth of cryptocurrency

Edit: there is some conflict about the exact amount, with the security pages I have read saying 300m and the news saying 600m. I am unsure of the exact amount. It’s probably 600m but I will leave the rest of the article as is.

While not strictly Chia related, it is worth knowing and understanding what can happen with smart contracts. Today Poly Network, a cross chain smart contract exchange platform, was hacked on 3 separate chains to tune of $300 million. It looks like, based on some excellent work by the BlockSec Team (who I found courtesy of the one and only Son of a Tech) that a valid signing key was used to sign a transaction command and empty the funds from the smart contract. Either the keys were leaked or there was an issue discovered in the original signing process.

These are typical security issues found in any software package or project. People are neither perfect nor immune to compromise especially when numbers like “Three hundred million dollars” are floating around. No key is safe if a person has access to it. I don’t have much to add to this that isn’t already available, I suggest watching Son of Tech’s video embedded below to get the full story or reading it about it literally anywhere.

It is worth keeping these things in mind as Chia moves into DeFi with a brand new, untested language and a brand new execution environment. The idea that there won’t be hacks or exploits, or issues with the code is asinine. There will be. There always are. What matters is how you defend yourself and how prepared you are to recover.

Update: Thank you to Hendrik for finding the funniest, saddest Tweet I have seen in a long time. No, Poly, you aren’t getting your money back because the hackers will feel bad. I promise you.

pic.twitter.com/Yzw4oDenjC

— Poly Network (@PolyNetwork2) August 10, 2021