SlowMist: Tracking possible identification clues related to Poly Network attackers

SlowMist
1 min readAug 10, 2021

--

1)This evening, the cross-chain interoperability protocol Poly Network was attacked, and a total of more than 610 million US dollars were transferred to 3 addresses. The impact caused the transfer of large assets of the O3 Swap cross-chain pool.

2)The SlowMist security team has grasped the attacker’s mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker.

3)With the technical support of SlowMist’s partner Hoo and multiple exchanges, the SlowMist security team found that the hacker’s initial source of funds was Monero (XMR), which was then exchanged to BNB / ETH / MATIC on the exchanges. Wait for the currency and withdraw the tokens to 3 addresses respectively, and launch an attack on the 3 chains soon.

4)Combining the flow of funds and multiple fingerprint information can be found, this is likely to be a long-planned, organized and prepared attack. Further tracking and detailed vulnerabilities and technical details are being analyzed by the SlowMist security team.
In addition, it is reported that Tether has frozen 33 million USDT on the address of the Poly Network attacker.

--

--

SlowMist
SlowMist

Written by SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.