Decentralized finance (DeFi) networks have emerged as some of the more exciting applications for blockchain technology over the past year.
DeFi effectively offers the same financial services as traditional banks and brokerages, just in a different way. For instance, crypto users can send their coins and tokens to lending pools, earning a share of the interest from users who borrow from the pool.
Decentralized finance protocols have effectively replaced centralized institutions by using smart contracts (agreements between parties in the form of computer code) to govern transactions. However, this novel solution is often the crux of DeFi’s problems.
This advancing DeFi paradigm has faced its fair share of headwinds, namely the exploitation of smart-contract flaws that have parted users from their coins. Case in point, the recent hack of Poly Network, a China-based DeFi network, resulting in the loss of more than $600 million worth of user funds.
Poly Network is a peer-to-peer service connecting different blockchain networks, including Ethereum, Binance Smart Chain, and Polygon. The network holds user funds in smart contracts to help other users seamlessly transfer coins between blockchains.
A weakness in the network’s smart contract code was discovered by an enterprising hacker, who exploited the flaw to steal the most significant amount of cryptocurrency in DeFi’s short-lived history.
What happened next was utterly unexpected. After a back-and-forth with Poly Network, the anonymous hacker began to return the stolen funds, even explaining how the attack was carried out, and why (to an extent).
More importantly, the situation also highlighted the blockchain universe’s effective self-regulatory and policing efforts.
According to Alkemi Network CXO and co-founder Ben Cooper, “All the funds were returned and the ‘attacker’ didn’t necessarily have the intention of stealing money but more highlighting the weaknesses in the code and processes. Once the flaws in the contract can be fixed, the protocol is stronger and can move forward.”
“Poly was, to some extent, fortunate in this case. Moreover, the ‘white hat’ community is a powerful force for good within the DeFi ecosystem, ensuring protocol efficiency and safety of funds.”
The Hack that Brought the Community Together
Although many politicians point to cryptocurrency as a hotbed of illicit activity and fraud, the latest hack largely proved the opposite. The stablecoin Tether, of which $33 million worth was stolen by the hacker, was immediately blacklisted and frozen by Tether itself so it could not be moved or laundered.
Moreover, the DeFi community banded together to track the funds and their movements. This was made possible due to blockchain-ledger technology, which makes transparent monitoring of network activity very straightforward. Together with Poly Network, users managed to help identify the movement of funds to prevent them from disappearing.
With the community doing everything it could to track down the hacker by identifying the stolen funds and creating circumstances that would make it difficult, if not impossible, to launder the hijacked coins, Poly Network appealed to the hacker to return the illicit haul.
Imagine asking a bank robber to return stolen funds after a heist.
Fortunately, the effort paid off, and the hacker contacted the network to coordinate the return of the funds to a multi-signature wallet address. Although it remains unclear if the individual is a white hat hacker (an individual who identifies vulnerabilities to help fix them), or a black hat hacker (an individual who identifies vulnerabilities to exploit them), the community’s quick action severely constrained the hacker’s ability to maneuver.
More interesting than the return of funds, was the fact that it occurred without the intervention of a centralized government entity or security agency. The hacker also noted in a Q&A that the hack was done for fun, teaching a timely lesson on the importance of smart-contract security.
What’s Next?
Cybersecurity flaws have popped up frequently in DeFi protocols, and brazen thefts like the Poly Network hack demonstrate that more must be done to protect users.
J.D. Gagnon, co-founder of BENQI notes, “The Poly Network hack was actually a fairly complicated operation that required a deep understanding of the protocol to pull off. However, it definitely could have been prevented. Those in the know have admitted that a non-trivial number of projects do rush through their audits. I believe that project teams should give auditors the necessary time to conduct their work.
“Further, I’d even recommend getting multiple audits just to make sure. There is no silver bullet here as the rewards to the exploiters are unfortunately still really high.”
The most important takeaway from this event is that the crypto community is more prepared than ever to respond to hacks, and well-positioned to self-regulate as the crypto toolkit grows over time.
Disclosure: Reuben Jackson held no position in any of the companies mentioned in this article at the time of publication.
Disclaimer: The information contained herein is for informational purposes only. Nothing in this article should be taken as a solicitation to purchase or sell securities.
