A White Hat Hack: A look into the security of digital assets

18 August, 2021 | 4 MINS READ

The Hack

The Story

On Tuesday, the 10th of August 2021, the biggest cryptocurrency heist happened. Over $600 million was stolen from Poly Network (a token-swapping platform). A couple of days later, the total amount stolen was returned.

Earlier in August, Ethereum (the second-largest cryptocurrency) did a network upgrade called the London Hard Fork. An important part of this upgrade is Ethereum Improvement Proposal 1559, or EIP-1559. EIP-1559 is interesting because it changes the way transaction fees work on the Ethereum network and reduces the amount of Ethereum in circulation.

What is Poly Network About?

Poly Network is a China-based Decentralized Finance (DeFi) platform that enables peer-to-peer transactions, allowing users to swap tokens (units of a digital asset) across blockchains. In simple terms, it is a platform that allows users to move digital assets across different blockchains, e.g., moving Bitcoin from the Ethereum blockchain to an entirely different blockchain.

Poly Network operates on 3 blockchains: the Ethereum blockchain, Binance Smart Chain, and the Polygon blockchain. Tokens are exchanged between the blockchains using smart contracts, which have instructions on when to release the assets to the counterparties. For efficiency in token transfer, Poly Network keeps one of the smart contracts very liquid.

The Hack

The hack took place after the hacker identified a bug, i.e., a vulnerability, in Poly Network’s most liquid smart contract. The hacker went on to steal different types of cryptocurrencies across the 3 blockchains on which Poly Network operates.

On discovering the hack, Poly Network published the addresses that held the stolen assets and requested that miners and crypto exchanges blacklist any token coming from those addresses. They took it a step further by putting up a message on Twitter directed to the hacker. The message urged the hacker to return the assets, as it would be difficult for him/her to get away with stealing such a huge amount of digital assets.

The hacker, however, initiated the process for returning the assets a few hours after SlowMist, a blockchain security company, announced that it had gathered information about the hacker, including the mailbox, IP address, and digital fingerprints of the hacker.

Poly Network then offered the hacker a $500,000 bug bounty. A bug bounty is a sort of reward given to those who discover bugs or vulnerabilities in a digital framework. The hacker is yet to accept the bounty. Though Poly Network has tagged the hacker a “White Hat” (an ethical hacker who points out vulnerabilities in a system), it is suspected the assets were most likely returned because of the difficulty of laundering such an amount of digital assets.

Does the Unsuccessful Hack Imply Transparency?

The hacker’s inability to launder the stolen assets or easily convert them to fiat money makes a case for improved transparency and regulations around the use of cryptocurrency and blockchain. The speed at which SlowMist was able to get relevant information about the hacker after he transferred the assets to 3 addresses, the freezing of $33 million USDT of the stolen assets by Tether immediately after the attack, and Binance’s help with monitoring the movement of the assets all speak to significant improvement in transparency in the use of cryptocurrencies and blockchain technology.

How Secure Is DeFi?

Before now, crypto exchanges were the victims of hackers. Mt Gox, a Tokyo-based crypto exchange, collapsed after it lost $500 million to hackers. Crypto exchanges have over the years grown and gotten the hang of the security of their platforms. This has shifted hackers’ focus to DeFi platforms.

Decentralized Finance (DeFi) platforms are platforms that enable financial services with the use of smart contracts. Smart contracts are automated, enforceable agreements that do not require traditional intermediaries like banks, lawyers, or exchanges. People can lend, borrow, and save money on DeFi platforms based purely on mutual trust, unlike the traditional system, which would require that lenders and borrowers identify themselves or have some form of documentation. While this has the potential to improve financial inclusion, it exposes its users to the risk of being defrauded and their accounts getting hacked.

According to CipherTrace (a blockchain security company), losses from crime on DeFi platforms are at an all-time high, with thieves, hackers, and fraudsters making away with $474 million between January and July 2021. This rise came along as more people used DeFi platforms. Funds on these platforms, according to DeFi Pulse (a DeFi analytics website), are said to be over $80 billion, a significant rise from the $6bn in DeFi as of 2020.

Despite claims by proponents of DeFi that it is able to police itself, the risk of using DeFi platforms seems to be on the rise. Regulation is, however, coming into play, as the U.S. Securities and Exchange Commission (SEC) has called on Congress to draft legislation that would control transactions on DeFi platforms.

While it is obvious that the financial system is evolving to become more decentralized and liberalized, it is important that checks and balances be put in place to mitigate the risk of decentralization and harness the potential benefits.

How to Secure Your Crypto Assets

As the world continues to evolve into the digital age, cryptocurrency-based assets will continue to gain relevance and so will cybersecurity issues. It is important that investors understand how to protect their crypto/digital assets.

In preserving digital assets, investors need to look out for cryptocurrency exchanges that uphold high standards of security. Look for crypto exchanges that have strict security protocols, clear-cut guidelines for responding to a security breach, and possibly an insurance policy to protect users against theft.

Digital wallets or crypto exchanges that have been in existence for a period of time can be trusted for their security, as they’ve been time-tested. It is important that such wallets or exchanges stay abreast of current security measures that help protect digital assets.

Investors can also keep their digital assets in offline wallet storage, a hardware device that stores the private keys of your digital asset. Though this is seen as one of the most secure ways of preserving digital assets, there is the risk of loss or damage of the storage device.

Investors also need to take responsibility and be able to identify crypto scams, like offers that promise a lot of money within a short period of time and guarantee returns on crypto investments, or messages on social media outlets that request that cryptocurrency be sent for one cause or the other.

The Ether Upgrade

On the 5th of August, Ethereum carried out an upgrade on its network called the London Hard Fork. The highlight of this upgrade is EIP 1559 (Ethereum Improvement Proposal 1559). EIP 1559 completely changes how fees are paid on the Ethereum network. Before now, fees on the Ethereum network were paid in a supply-and-demand auction system. This system of payment made fees on the network volatile and sometimes expensive. Fees on the Ethereum network have ranged between $4 and $44 in the first half of 2021.

EIP 1559 has changed this. Users of the network now pay a base fee to process transactions on the network. This base fee, rather than being paid to miners, is burned. This new fee-burning transaction payment method puts a cap on the growth of the amount of Ethereum in circulation. This has pushed up the price of Ethereum to $3,178 as at the time of writing, growing 13% from its price as of the 5th of August 2021. This new fee payment method reduces the rate at which tokens are mined, making Ethereum scarce. This scarcity will aid price rise in times of high demand.

The scarcity notwithstanding, cryptocurrencies like Ethereum are still high-risk assets. Investors should bear this in mind when buying crypto assets.
