Hackers steal $600m in major cryptocurrency heist

Hackers have stolen some $600m (£433m) in what appears to be one the largest cryptocurrency heists ever.

Blockchain site Poly Network said hackers had exploited a vulnerability in its system and taken thousands of digital tokens such as Ether.

In a letter posted on Twitter, it urged the thieves to “establish communication and return the hacked assets”.

In scale, the hack is on par with huge recent breaches at exchanges such as Coincheck and Mt Gox.

In its letter Poly Network said: “The amount of money you have hacked is one of the biggest in defi [decentralised finance] history.

“Law enforcement in any country will regard this as a major economic crime and you will be pursued.

Poly Network said a preliminary investigation found a hacker exploited a “vulnerability between contract calls”.

It urged various exchanges to block deposits of the coins, after millions of dollars in tokens were transferred to separate cryptocurrency wallets.

About $267m of Ether currency has been taken, $252m of Binance coins and roughly $85 million in USDC tokens.

Changpeng Zhao, chief executive of Binance, said his firm was aware of the hack, but added there was only so much he could do.

He said the group was “co-ordinating with all our security partners to proactively help”.

“There are no guarantees,” he added.

Poly Network is a decentralised finance – or Defi – provider, which allows users to transfer tokens tied to one blockchain to a different network.

‘All-time high’

Cryptocurrency systems such as Ether and Binance were developed independently, so have struggled to work in conjunction with each other.

Losses from fraud in the Defi sector hit an all-time high of $474m in the first seven months of the year, a report from research company CipherTrace said on Tuesday.

But losses from crime in the overall cryptocurrency market dropped sharply to $681m, compared to $1.9bn for the whole of 2020 and $4.5bn in 2019.

Last week, the US Securities and Exchange Commission (SEC) charged Defi lender Blockchain Credit Partners and two of its top executives for raising $30m through allegedly fraudulent offerings.

The case is the SEC’s first involving securities in the Defi space.