Poly Network Heist: Hackers Steal $600 Million in Cryptocurrency

Poly Network, a decentralized finance and blockchain-unifying platform, suffered a cyber-attack resulting in hackers absconding with $600 million in cryptocurrency. This is one of the largest cryptocurrency heists in history. 

Surprisingly, the hackers actually returned approximately half of the stolen assets today. Ploy Network disclosed the attack yesterday on Twitter, asking to establish contact with the hackers; in addition, it asked the threat actors responsible to return the stolen cryptocurrency. 

It appears that hackers exploited a vulnerability in the Poly Network platform, although the exact nature of this vulnerability remains unknown at the time of writing. 

A cryptocurrency heist of this size asks us to think about our own IT vulnerabilities and cybersecurity. We gathered some cybersecurity experts to hear their thoughts.

Poly Network Heist: Hackers Steal $600 Million in Cryptocurrency

Hank Schless

Hank Schless is Senior Manager of Security Solutions at Lookout. 

“Recently, cryptocurrency has found itself at the center of most data breach headlines. Decentralized finance (DeFi) has not only become a primary target for cyber-criminals, and the cryptocurrencies that it supports are the primary payment method for attacks like ransomware. 

Since cryptocurrency and blockchain are still relatively new technologies, they present an opportunity for threat actors to socially engineer targets. Crypto investors are constantly looking for an edge in the market or what the next big currency that’s going to explode in value. Attackers can use this thirst for information against users in order to get them to download malicious apps or share login credentials for legitimate trading platforms they use. The attacker could then use the malicious app to exfiltrate additional data from the device it’s on or take the login credentials they’ve stolen and try them across any number of cloud apps used for both work and personal life. 

In order to increase the likelihood of success, attackers target users across both mobile devices and cloud platforms. For example, Lookout recently discovered almost 200 malicious cryptocurrency apps on the Google Play Store. Most of these apps advertised themselves as mining services in order to entice users to download them. 

Crypto platform providers need to ensure that their employees are protected and don’t become conduits for cyber-criminals to make their way into the infrastructure. Employees are constantly targeted by mobile phishing and other attacks that would give a cyber-criminal a backstage pass to the company’s infrastructure. The risk of this happening can be reduced by implementing a powerful combination of a unified mobile threat defense (MTD) and cloud access security broker (CASB) solution that can protect the user on the endpoint and recognize anomalous activity indicative of a compromised employee account.”

Thanks to Hank for his time and expertise on the massive cryptocurrency heist. For more analysis of the cybersecurity market, check out the Endpoint Security Buyer’s Guide. Alternatively, check out the new Endpoint Detection and Response Buyer’s Guide. Both provide detailed analysis of the major vendors and our Bottom Line comments on each. We also answer major questions facing IT decision-makers and provide key definitions of solution capabilities.