With news today that cybercriminals have stolen over six hundred million dollars in digital tokens, Deep Secure’s Crypto Security Expert, Aaron Mulgrew, looks at what went wrong and how best to protect crypto assets from the criminals.
The attack is rumoured to be an exploit of the way the ‘smart contracts’ that make up Poly Network’s blockchain overlay fit together. The smart contract is in fact two separate contracts: a manager contract and a data contract. The data contract specifies the address which can submit transactions and withdraw coins from the pool, which makes it the important one. In Solidity [3], the underlying programming language, it is possible to set certain functions to run only if the owner runs that smart contract. So if someone were able to change that address to their own, they could drain all the assets from the pool.
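The owner-gated pattern described above, as an added Solidity example rather than Poly Network's contracts: a data contract whose stored address gates withdrawals, with any change to that address restricted to the owner, delayed, and logged so it can be monitored. The names PoolData, keeper, proposeKeeper and acceptKeeper and the two-day delay are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration: PoolData and every name in it are hypothetical, not Poly Network's code.
contract PoolData {
    address public owner;         // may run the owner-gated functions
    address public keeper;        // may withdraw from the pool
    address public pendingKeeper; // proposed replacement, not yet active
    uint256 public pendingSince;  // when the replacement was proposed
    uint256 public constant DELAY = 2 days; // assumed review window
    event KeeperProposed(address indexed current, address indexed proposed, uint256 activeAfter);
    event KeeperChanged(address indexed previous, address indexed current);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address initialKeeper) {
        require(initialKeeper != address(0), "zero keeper");
        owner = msg.sender;
        keeper = initialKeeper;
    }

    receive() external payable {}

    // Step 1: only the owner can propose a new keeper; the event gives monitoring a signal.
    function proposeKeeper(address next) external onlyOwner {
        require(next != address(0), "zero keeper");
        pendingKeeper = next;
        pendingSince = block.timestamp;
        emit KeeperProposed(keeper, next, block.timestamp + DELAY);
    }

    // Step 2: the change takes effect only after the delay, and only if the new keeper claims it.
    function acceptKeeper() external {
        require(msg.sender == pendingKeeper, "not pending keeper");
        require(block.timestamp >= pendingSince + DELAY, "delay not elapsed");
        emit KeeperChanged(keeper, pendingKeeper);
        keeper = pendingKeeper;
        pendingKeeper = address(0);
    }

    // Whoever is stored in `keeper` controls the pool's funds.
    function withdraw(address payable to, uint256 amount) external {
        require(msg.sender == keeper, "not keeper");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

An operator watching for KeeperProposed has the full delay to notice and respond to a change nobody authorised before the new address can withdraw.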
Validation Logic
This is what the attackers are believed to have done in the Poly Network heist, running a series of transactions to drain the entire pool of coins, estimated to be approximately $600m.
At Deep Secure we have developed a Threat Removal for Crypto Currency solution that does exactly this, delivering the very highest levels of assurance that the communication channel between the untrusted network and the secure enclave cannot be exploited by the criminal.
Deep Secure is actively working with banks and financial institutions to help protect their cryptocurrency infrastructure from cyberattack. If you would like to know more about how we can help you, please contact us today.