Technical Analysis of the Poly Network Hack

Technical Analysis of the Poly Network Hack(rekt.news)

96 points by w4llstr33t 4 years ago | 32 comments

3pt14159 4 years ago |

It will never cease to amaze me that someone with the technical chops to pull off an attack worth this much hasn't done the minimum pre-work necessary to get away with the cash or at least some non-trivial amount of it.

lordnacho 4 years ago | |

They're claiming to be white hat and have given back 250m.

saurik 4 years ago | | |

But 1) in the context of the article (which only knows about $4.7m being returned), this was only something they did after they failed to get away with the money; and 2) if you were a "white hat" you would give back all of the money, not 40% of it ;P.

mdoms 4 years ago | | |

They only started making that claim after foolishly transferring the coins to an address tied to a Binance account.

ryanmarsh 4 years ago | | |

250 of 600? I question how white that hat is.

mschuster91 4 years ago | |

Money laundering, especially when hundreds of millions of dollars in value are on the line (meaning it's not your sleepy local police office dealing with it, but the best the federal government can offer), is hard in itself - and cashing out in actual physical dollars is even harder.

The potential for messing up on the way is simply enormous. Remember Silk Road? Guy got v& because of a stackoverflow post.

meowface 4 years ago | | |

>The potential for messing up on the way is simply enormous. Remember Silk Road? Guy got v& because of a stackoverflow post.

Ulbricht messed up in a lot of different ways. That was just one of the many. It wasn't just one little slip-up; he had truly awful OPSEC. (And pretty poor technical skills in general, it seems, based on his SO question [1] and various other things.) Even if the SO question potentially may have been found through parallel construction (no way to ever know), there were so many different parallel paths investigators could've taken that his downfall was almost certainly inevitable.

But your overall point is definitely correct. The oft-quoted attacker's advantage in information (and other) security is that the defenders need to "win" every time and the attackers only need to "win" once. Try 100 different exploit attempts; if the defenders prevent 99 of them, they lose.

This gets flipped when it comes to OPSEC. The attacker needs to "win" every OPSEC battle and the investigators often only need to "win" once. If they find a single mistake, they may be able to tug on a thread that leads to the attacker's likely affiliation and identity. And the more sophisticated and complex the attack, the more surface area there is for mistakes, just like how more complex systems/organizations have larger surface areas for attackers to target.

[1] https://stackoverflow.com/questions/15445285/how-can-i-conne...

goldenkey 4 years ago | | |

Not really. Ethereum has anonymous transfers through zkSnarks in the same spirit as other anon cryptos, except as a contract:

https://tornado.cash/

All the hacker would have had to do was do the hack from a secure connection (ie cantenna to free wifi + proxy chaining ..etc.)

https://tornado-cash.medium.com/how-to-stay-anonymous-with-t...

yonixw 4 years ago |

What was missing for me in the article is the fact that they don't call a function by name AND by validation of hash.

Instead, only by hash(<method name string> + "(bytes,bytes,uint64)").slice(0,10) which is brute-force-able.

Still, this sounds just like one of my worst nightmares. A code in production having bugs that will lose all my money to an untraceable environment (the tornado chain).

dcolkitt 4 years ago | |

Funny tangent about the function hash... I can't tell you the number of man-hours I spent brute-forcing random function names to find the lowest value hash.

Quick background. Back in the pre Flashbot days, the competitive barrier to front running was winning priority gas auctions. Basically whoever was able to bid at the highest gas price would get their transaction mined with first, and would extract the MEV. (Kind of analogous to traditional HFTs fighting to shave off nanoseconds to win a latency-based priority race.)

So you had to make sure that your on-chain smart contract for the front-running bot is an insanely gas optimized as possible. You'd literally pay a thousand times per unit of gas as the average person. Every single byte matters. And one thing about the EVM is that zero bytes in the transaction data cost slightly less than non-zero bytes.

So anyway, in the hot-path of that front-running bot, you'd want to get as many zeros in the method hash as you could. So I'd literally run a GPU to brute force method names.

Daishiman 4 years ago | | |

I am simultaneously stunned at the brilliance of the scheme and the monumental loss of human productivity.

nootropicat 4 years ago | | |

Wouldn't it be cheaper to replace the method id with byte id? No need to follow solidity abi if nobody but you is going to call the contract.

hamburgerwah 4 years ago |

This doesn't even sound like a hack. The beneficiaries executed the digital contract in way that was explicitly permissible by the contract. It was perhaps contrary to the original intent of the contracts creator but that intent needs to be irrelevant for digital contracts to serve any useful purpose more than just traditional non-digital contracts.

patrickthebold 4 years ago | |

I agree, I'm not a lawyer but it's not clear to me what laws the hacker broke.

cwkoss 4 years ago |

Great write up.

I wonder if Coinbase has flagged the USDC that was stolen. Are those currently less-fungible USDCs?

martinko 4 years ago | |

Don't know about USDC, but USDT almost instantly locked the funds, making them unspendable.

cwkoss 4 years ago | | |

Interesting. Do you know the mechanics of how funds get locked? Are they prevented from being transferred on-chain or only from being removed at the USD-USDT edges?

yonixw 4 years ago | | |

Does this mean they are lost forever? like burning real bills? Or is there a mechanism to repay the original owners?