In another breach of a cryptocurrency platform, more than $600 million in digital tokens has been stolen by hackers on Wednesday, adding to the culminating cyberheist stories gracing the digital asset market, which raises questions about the security of crypto exchanges.
The platform, Poly Network, which facilitates peer-to-peer transactions announced the heist Wednesday on Twitter and posted details of digital wallets to which it said the money was transferred, urging people to blacklist tokens from those addresses.
Crypto trade publication The Block, said the value of the tokens in the wallets cited by the platform was just over $600 million at the time of the announcement.
Tekedia Mini-MBA edition 16 (Feb 10 – May 3, 2025) opens registrations; register today for early bird discounts.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
Since 2011, hackers have stolen more than $8 billion worth of cryptocurrencies. According to a report from Amsterdam-based blockchain analytics firm Crystal Blockchain, over $2.8 billion was stolen through exchange security breaches that totaled 113 as of last year, and has increased following a number of heists in 2021.
In 2014, the Mt. Gox exchange based in Tokyo, collapsed after losing half a billion dollars in bitcoin. The Coincheck breach of 2018, which saw hackers made away with $535 million worth of NEM coins, was top of it until Wednesday’s Poly Network’s $600 million heist.
The platform, with the warning that it planned to take legal action, urged the hackers to return the stolen funds to several of its digital addresses.
The warning seems to be yielding results, with around $4.8 million in stolen tokens returned by Wednesday afternoon, according to public blockchain records and crypto tracking firm Elliptic. Analysts have attributed the move to the hurdles involved in moving such a huge amount of stolen crypto as it may give the hackers away.
In June, the Federal Bureau of Investigation (FBI) pulled off a first-of-its-kind operation to recover the $4.4 million paid in ransom through cryptocurrency to a criminal gang responsible for a ransomware attack on a US oil company, Colonial Pipeline. The operation sends a clear message that blockchain’s DeFi (decentralized finance) is no longer a guarantee that its transactions cannot be traced or reversed especially when it involves huge sums.
“There’s so much public attention on this, and exchanges will be on the lookout for customer deposits linked to this theft,” Tom Robinson, Elliptic co-founder said. “This demonstrates that even if you can steal crypto assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions.”
However, the FBI’s breakthrough doesn’t answer the worrisome question about hacks and breaches of crypto exchanges, which is among the reasons for increased calls for regulation of crypto operations.
DeFi platforms allow financial transactions, usually in cryptocurrency, without traditional gatekeepers such as banks or exchanges. The sector has boomed over the last year, with platforms now handling more than $80 billion worth of digital coins. The increasing volume of transactions on DeFi system exposes technical flaws and weaknesses in the code many platforms use, leaving it vulnerable to hacks and heists.
But the security lapses boil down to many other factors that border also on the lack of regulations and guidelines for exchanges.
“Their security policies are neglected because these new services cannot (financially) afford to pay as much attention to such security issues, whereas well-established entities are in a better position to ensure and prioritize security,” Said Kyrylo Chykhradze, a product director of Crystal Blockchain in an email to Coindesk. “This results in newer services becoming cherry-picking opportunities for bad actors who can spot those vulnerabilities.”
The chief technology officer of Tether, a stablecoin or type of cryptocurrency usually backed by real-world world assets, said on Twitter the company had frozen $33 million connected with the hack, and top management at large crypto exchanges responded to Poly on Twitter saying they would try to help. But it’s all reactive and doesn’t proffer a proactive solution to the problem that has got a lot of investors worried.
“It is a massive hack … as large as Mt. Gox,” said Bobby Ong, co-founder of crypto analytics website CoinGecko, although he noted the fallout had not yet hurt major crypto prices. “This project is finished in my opinion. (It is) going to take a lot to regain confidence.”
While it’s difficult for hackers to launder stolen crypto worth millions of dollars, it will barely get noticed when the sum is in thousands, and that leaves many investors vulnerable.