The Masked truth behind Crypto heist in Poly Network as investors wail.
Hackers pulled off the biggest ever cryptocurrency heist on Tuesday, stealing more than $600 million in digital coins from token-swapping platform Poly Network, only to return nearly all the assets less than 48 hours later, the company said. It’s quite unclear how the ordeal came to happen so fast and with the biggest magnitude. However, there some masked truths underneath the massive Crypto heist of the time investors and business owners ought to understand.
Who are Poly Network?
Poly Network is Crypto organization built to implement interoperability between multiple chains in order to build the next generation internet infrastructure. Authorized homogeneous and heterogeneous public block chains can connect to Poly Network through an open, transparent admission mechanism and communicate with other block chains. The company which has already integrated Bitcoin, Ethereum, Neo, Ontology, Elrond, Ziliqa, Binance Smart Chain, Switcheo and Huobi ECO chain is a decentralized finance (DeFi) platform that facilitates peer-to-peer transactions with a focus on allowing users to transfer or swap tokens across different block chains.
- Why MSMEs are still winning in the Kenyan Economy
- Mombasa MSMEs on Fire as Kongowea Burns
- 8 Tips for a Successful Family Business
For example, a customer could use Poly Network to transfer tokens such as bitcoin from the Ethereum blockchain to the Binance Smart Chain.
Poly Network was founded by Chinese entrepreneur Da Hongfei, who is currently chief executive of Neo, a block chain platform. According to Neo’s website, Poly Network was launched in August last year as a collaboration between Neo, crypto trading platform Switcheo and blockchain company Ontology.
How did hackers still tokens?
According to Reuters, Poly Network operates on the Binance Smart Chain, Ethereum and Polygon blockchains. Tokens are swapped between the blockchains using a smart contract which contains instructions on when to release the assets to the counterparties.
One of the smart contracts that Poly Network uses to transfer tokens between blockchains maintains large amounts of liquidity to allow users to efficiently swap tokens, according to crypto intelligence firm CipherTrace.
Poly Network tweeted on Tuesday that a preliminary investigation found the hackers exploited a vulnerability in this smart contract. According to an analysis of the transactions tweeted by Kelvin Fichter, an Ethereum programmer, the hackers appeared to override the contract instructions for each of the three blockchains and diverted the funds to three wallet addresses, digital locations for storing tokens. These were later traced and published by Poly Network.
The attackers stole funds in more than 12 different cryptocurrencies, including ether and a type of bitcoin, according to blockchain forensics company Chainalysis. A person claiming to have perpetrated the hack said they had spotted a “bug,” without specifying, and that they wanted to “expose the vulnerability” before others could exploit it, according to digital messages posted on the Ethereum network published by Chainalysis. Reuters could not verify the authenticity of the messages.
Where did the money go?
Coindesk reported on Tuesday that the hackers had initially tried to transfer some of the assets from one of the three wallets into liquidity pool Curve.fi, but that transfer was rejected. About $100 million was moved out of another of the wallets and deposited into liquidity pool Ellipsis Finance, Coindesk also reported.
Curve.fi. and Ellipsis Finance could not immediately be reached for comment.
But early Wednesday the hackers started transferring assets back to Poly Network into a wallet which both parties controlled. By Thursday afternoon, the hackers had returned nearly all of the assets, with just $33 million tokens frozen earlier by cryptocurrency platform Tether outstanding, Poly Network said.
It added that it was still communicating with the hackers, referring to them as “Mr White Hat” – an ethical hacker who generally works to expose vulnerabilities so they can be fixed.
Who is the hacker?
The hacker or hackers have not yet been identified.
Cryptocurrency security firm SlowMist said on its website that it has identified the attacker’s mailbox, internet protocol address, and device fingerprints, but the company has not yet named any individuals. SlowMist said the heist was “likely to be a long-planned, organized and prepared attack.”
Despite the purported hacker posing as a so-called “white hat”, an ethical hacker who had “always” planned to give the money back, according to the messages published by Chainalysis, some crypto experts are skeptical.
Gurvais Grigg, chief technology officer at Chainalysis and former FBI veteran, said on Wednesday that it was unlikely that white hat hackers would steal such a large sum and that they may have returned the money due to the difficulties of laundering it.
Is Cryptocurrency safe for Business?
Cryptocurrencies offer several primary benefits that small businesses may want to consider:
- Lower transaction fees. The lack of a central intermediary dramatically reduces transaction fees. Small businesses accepting credit card payments often face fees of around 25 cents for each card swipe, plus 2 to 4 percent of the transaction total. These costs add up, which is why smaller stores often have credit card purchase minimums.
- Merchant protection. Crypto’s decentralized setup also protects merchants from fraudulent chargebacks. The transactions, like cash, are final, because no third party can reverse charges.
- Increased sales. Crypto’s decentralized nature enables small businesses to expand and open their doors to international buyers for whom their products and services were once inaccessible. For example, a small electronics retailer reported selling $300,000 worth of merchandise to nearly 40 countries by accepting cryptocurrency.
- Catering to consumer preferences. Accepting cryptocurrency offers another advantage by giving customers an additional way to pay while providing an extra layer of protection for their information.
With so much benefits, Cryptocurrency has a number of risks that investors need to understand, purposely the small business owners;
Accepting cryptocurrency means setting up a digital wallet on a digital currency exchange, which could be technically prohibitive for small business owners unfamiliar with the technology. Cryptocurrency is an information-dense field with a relatively high learning curve, which can present a significant obstacle when you’re also trying to run a business.
“As it stands now, small businesses, in particular, would find it difficult to accept cryptocurrency,” said Serge Beck, CEO of the blockchain ecosystem company Optherium. “And even without the technical obstacles, the volatility of crypto values still creates a disincentive for entrepreneurs to hold digital currencies.”
The highest risk of digital currencies is price volatility, which makes value extremely unpredictable. To illustrate, Bitcoin was first valued in pennies when introduced in 2009 but rose to $19,172 per coin in December 2017 according to the Washington post. Today, one Bitcoin is worth about $7,000.
Using a merchant service company such as BitPay or Coinbase helps insulate small businesses against that volatility by immediately exchanging digital currency for its cash value. Through these services, cryptocurrency payments are made in real time for the currency’s current value. The only reason for a business to hold on to cryptocurrency would be as a speculative investment, but doing so essentially amounts to gambling with your revenue stream.
Although cryptocurrency transactions eliminate cyber threats like stolen credit card numbers, the currency still isn’t 100 percent safe. So far, there is no way to completely prevent cybercriminals from getting their hands on users’ wallets. This is particularly dangerous because cryptocurrencies are not backed or insured.
- Go Get Paid! MSMEs New hope as Council of Governors announce County Fund release
- Kenya’s 2021-22 budget and its aim on MSMEs Fiscal accommodation
- Are MSMEs the only hope left that can stop Mombasa Becoming a Ghost Town?
However, some cryptocurrency companies are working to change that. Coin base, for example, holds less than 2 percent of customers’ digital currency online, and in the event of a breach, the company fully insures losses. However, these protections don’t apply if your personal wallet is hacked; it is still your responsibility to secure your personal account, but you can rest easy knowing that if the company suffers an attack, your funds are safe.
To better protect your accounts, you can enable multifactor authentication on your accounts, secure and maintain your private keys, and regularly back up your data. And companies are also working on solutions to address wallet security as well. Optherium employs a biometric verification method that identifies a user based on their facial structure to grant wallet access, greatly reducing a thief’s ability to successfully steal someone’s assets. This method also helps users reconstitute their wallet when access is lost.
Another issue with accepting cryptocurrency is that the regulatory landscape is subject to changes in the near future. Lawmakers are still crafting regulations to govern it. Once regulations are in place, they are likely to evolve further, meaning business owners will have to be adaptable.
Are Cryptocurrencies in Kenya?
In summation, Cryptocurrencies are currently not regulated in Kenya, nor are they backed by the Government or the CBK, and therefore are not recognized.
Any entrepreneur who chooses to accept cryptocurrency should be prepared to pivot and adapt to periodic changes in the law as a result. These changes could continue into the foreseeable future as cryptocurrency adoption expands and new problems and difficulties arise.
Do you have a groundbreaking story you would like us to publish? Please reach us through our email news TIPS to email@example.com or WhatsApp +254712410460. You can also subscribe to get the latest news article on this www.msamag.com