SlowMist: Tracking possible identification clues related to Poly Network attackers

1) This evening, the cross-chain interoperability protocol Poly Network was attacked, and a total of more than 610 million US dollars was transferred to 3 addresses. As a consequence, large assets of the O3 Swap cross-chain pool were also transferred.

2) Through on-chain and off-chain tracking, the SlowMist security team has obtained the attacker's email address, IP, and device fingerprints, and is tracking possible identity clues related to the Poly Network attacker.

3) With the technical support of SlowMist's partner Hoo and multiple exchanges, the SlowMist security team found that the hacker's initial source of funds was Monero (XMR), which was then exchanged on the exchanges for BNB / ETH / MATIC and other currencies. The tokens were withdrawn to 3 addresses respectively, and the attack on the 3 chains was launched soon afterwards.

4) Combining the flow of funds with the multiple pieces of fingerprint information, it can be found that this is likely to be a long-planned, organized and prepared attack. Further tracking is under way, and the detailed vulnerabilities and technical details are being analyzed by the SlowMist security team.

In addition, it is reported that Tether has frozen 33 million USDT at the address of the Poly Network attacker.

SlowMist focuses on blockchain ecosystem security and has served Huobi, OKEx, Binance, imToken and nearly a thousand commercial customers in total.