Reflections: $600 Million Hack Leaves Mature Crypto Market Unfazed
To the surprise of many, the largest crypto hack in history, involving more than $600 million in stolen assets, left the market largely unscarred. Let’s examine why, and precisely what this milestone means for the larger digital asset community.
DeFi’s Largest Hack Explained
In the aftermath of the largest hack in DeFi history, all $611 million has been returned, minus the $33 million USDT which had been frozen by Tether. To briefly recap, the hacked Poly Network is a cross-blockchain interoperability project among three platforms:
- Neo – Dubbed the “Ethereum of China”, it shares many key features with Ethereum in addition to having decentralized file storage, oracles for feeding external data into smart contracts, and an ID system.
- Ontology – Also based in China, Ontology is a high-throughput open-source blockchain featuring cross-chain and Layer 2 scalability. The latter refers to moving microtransactions off the mainnet (Layer 1) in order to increase the blockchain’s processing speed and lower transaction fees. You may have heard of Layer 2 as one of the goals toward Ethereum’s 2.0 transition.
- Switcheo – Singapore-based, non-custodial decentralized exchange (DEX), facilitating the exchange of 60 cross-chain pairs.
Between them, Poly Network was born as a way to integrate blockchains into a single cross-chain ecosystem. Consequently, the $611 million hack occurred across three blockchains:
- $273 million from Ethereum.
- $85 million from Polygon, in USDC stablecoin.
- $253 million from Binance Smart Chain (BSC).
Much of the funds were in wBTC and RenBTC, both representations of Bitcoin to be traded on Ethereum, just like some stablecoins are representations of USD to be traded on blockchains. Since the infamous and much-mocked “Dear Hacker” letter issued by Poly Network, the cross-chain platform has come to terms with the assailant, approving of the unknown individual as “Mr. White Hat”.
In the cyber security sphere, white hats are ethical hackers who test network security rather than disappear with stolen funds never to be seen again. Indeed, Poly Network’s Mr. White Hat even refused their offer of $500,000 as a bounty for finding the exploit, as shown on this Ethereum transaction.
“THE POLY DID OFFERED A BOUNTY, BUT I HAVE NEVER RESPONDED TO THEM. INSTEAD, I WILL SEND ALL OF THEIR MONEY BACK.”
Speaking of bugs and bounties, the vulnerability didn’t involve the trendy flash loan attack; instead, the attacker circumvented private keys entirely by having the smart contract send the funds to himself, according to John Jefferies, CipherTrace’s financial analyst. With the historic but benign DeFi attack behind us, here is what the updated hacking landscape looks like.
As you can see, the trend is moving away from crypto exchange hacks to more lucrative and still novel DeFi protocols. However, it bears noting how little of an impact this record-breaking hack has had on the crypto space, even before it was revealed that ‘Mr. White Hat’ would return all the funds.
Large Hacks Now Have Little Impact on the Crypto Market
To give you the necessary perspective on how much the crypto market has matured, the previous record-holder was the Mt. Gox hack. From February to March of 2014, it was revealed that hackers got away with 844,408 BTC worth $460 million, representing 7% of Bitcoin’s total supply. At today’s price, that would translate to $39.1 billion.
Accordingly, Bitcoin’s value fell by 23% as the news unfolded. Keep in mind, Mt. Gox handled about 70% of all Bitcoin transactions at the time.
Only recently, as of January 2021, did 90% of those stolen funds become eligible to be returned to holders, as CoinLab made a deal with the Mt. Gox trustee to reimburse them. Outside of exchange hacks, FUD from prominent personalities is the other looming threat. When Jamie Dimon, JPMorgan’s CEO, called Bitcoin a fraud in September 2017, Bitcoin dropped by 8%, to $3,766.
“It’s worse than tulip bulbs. It won’t end well. Someone is going to get killed,” Jamie Dimon at Barclays’ conference in 2017.
This caused such a panic that people even flocked to Quora to ask the following:
Since then, Bitcoin’s price has risen by 12X, so the proclamations of Bitcoin’s demise were premature to say the least. However, what is more interesting to note is that Dimon’s statement coincided with China’s announcement of a ban on ICOs (Initial Coin Offerings). This is the same pattern seen when Elon Musk triggered a crash of over 40% in the crypto market alongside China’s annual repetition of its ban on cryptos.
The only difference is that this time, Chinese miners took heed and began the Great Migration. All of this leaves the crypto space with significantly reduced vulnerabilities:
- China’s historic proclamations against Bitcoin hold less sway, as its hash rate fell from 73% in December 2019 to 46% by April 2021.
- Prominent personalities are losing FUD sway as well, especially those with a track record, e.g., the more Elon Musk tries to manipulate the market, the more resistance is built against it.
- Digital asset holdings are much more decentralized when it comes to crypto exchanges, with the top one – Binance – now holding considerably less BTC than the bankrupt Mt. Gox, which previously had 70% of BTC’s circulating supply.
Moreover, the cogs in the DeFi machine seem to be much more coordinated and transparent. The latest Poly Network exploit showed a rapid response from Tether as it froze $33 million USDT. Tom Robinson of blockchain analytics firm Elliptic thinks that Mr. White Hat turned white because it is exceedingly difficult to withdraw money without it leading to one’s real identity, as showcased by Elliptic software.
This may also be the reason why he refused the $500k bounty. Therefore, he may have taught Poly Network a valuable lesson to shore up their coding practices, but he also showcased to other would-be hackers that safe withdrawal is becoming almost impossible. Chinese cybersecurity firm SlowMist had already announced that it had identified Mr. White Hat’s IP address and device fingerprint.
“Combined with the flow of funds and multiple fingerprint information, it can be found that this is likely to be a long-planned, organized and prepared attack.”
In the end, the market barely felt the “biggest crypto hack ever” since the news was published on August 11th.
In conclusion, maturity of the crypto space is heading in all the right directions: greater decentralization, higher demand for code auditing, more comprehensive blockchain analytics tools, more resistance to FUD, and greater market caps to absorb them if they do occur.
Do you think blockchain transparency is beneficial in the long run, or will people seek more private DeFi venues? Let us know in the comments below.