Wednesday, January 26, 2022

Japanese cryptocoin exchange robbed of $100,000,000 – Naked Security


Another week, another cryptocurrency disaster.

Last week’s story was about Chinese cryptocoin smart contract company Poly Networks, which was robbed of about $600 million’s worth of various cryptocurrencies.

That heist has turned into an ongoing saga in which, mirabile dictu, the hacker finally appears to have agreed to return as much of the stolen cryptocurrency as he can.

In a weird stream of messages transmitted as “extra information” in zero-value transactions on the Ethereum blockchain, the thief claimed, ALL IN CAPS, to have acted out of altruism.

The hacker, now dubbed Mr. White Hat in an act of obeisance by Poly Networks, suggested that he’d taken the money for safe keeping before disclosing the bug, so that no one else could exploit it in the meantime.

(The implication was that the coders who would be working to fix the bug – who would inevitably need to know how the bug could be exploited in order to repair it properly – might themselves be rogues, and therefore needed protecting from their own baser instincts by a nobler sort of cybercriminality.)

The money hasn’t all been recovered yet – that’s expected to take a few days more – but Poly Networks seems confident [2021-08-20T15:00Z] that it will get back most of it in the end.

The company has also said that it will dig into its own pockets “to compensate for any slippage loss and costs which can be incurred.”

Amusingly, if not amazingly, Poly Networks has “rewarded” Mr. Hat with 160 Ethereum coins (about $525,000 at today’s price), and offered him a role as Chief Security Advisor.

In one of the company’s own blockchain messages back to Hat, Poly Networks went so far as to invite him to be a co-approver of any future upgrades to the system.

That might seem like an alarming amount of control to offer to someone who once ran off with all your funds and deliberately shut down your whole network for two weeks, even if they decided to give back most of the money in the end:

We determined to make use of [a] multi-signature of relay chain validators to authorize upgrades. We additionally hope to ask you to take part in the future development of the Poly Network. If you need, your address […] might be one of many validators.

Hat, for his part, has been on the receiving end of numerous blockchain spam messages of his own, with a mix of admirers, detractors and opportunists letting him know how they feel and what they expect from him.

YOU SAID YOU WILL GIVE ME A PERSONAL GIFT. I WOULD LIKE 32 ETH, insisted one commenter, who claimed to know the name of the company where Hat used to work and threatened to reveal the details.

Another noted, contrarily eschewing Hat’s ALL CAPS style and letter spacing, that Nowitseems­thatmoneyis­stillveryimportant.­Stillsupportyou!

Truth, as the truism goes, can often be stranger than fiction.