The Crypto sector has been on a rocky time with hackers stealing $600M from decentralized finance network PolyNetwork. Considered the biggest financial theft in the history of decentralized finances. A decentralized finance portal, PolyNetwork allows users to swap tokens across various blockchains. Decentralised finance portals help in cutting down intermediaries’ hassle in completing transactions and facilitate a quicker completion. PolyNetwork functions on a prewritten public blockchain software which allows peer to peer interaction.
Decentralisation consists of various proprietary software and blockchain or open-source technologies. Smart contracts have removed the intermediaries amongst transacting parties. The biggest reason for the growth of decentralized finance platforms in recent times is due to the lack of security audit while creating it which results in developers capable of generating decentralized finance portals at a faster rate without much hassle. This raises a security concern since developers can construct decentralised platforms that are vulnerable to security flaws owing to a lack of auditing throughout development.
The cryptocurrency wallet addresses disclosed by PolyNetwork, $253M worth of Binance Smart Chain based tokens, $266M Ethereum tokens and $85M worth of Polygon tokens were hacked. Most of these decentralized financial systems run on Ethereum blockchain based on various levels of software protocols. These software protocols are generally interoperable in nature which allows and governs more than one entity in the same financial ecosystem. Investigators and security researchers state that security vulnerability in two important Poly smart contracts resulted in this heist.
The two smart contracts are EthCrossChainManager and the other one being EthCrossChainData.
EthCrossChainData is considered a high privileged smart contract which can be invoked only by the owners of the decentralized platforms and no one else. Because the contract sets out the list of public keys which are authenticator nodes managing the wallets in a given liquidity chain. EthCrossChainData provides authentication to all large transactions of funds in the PolyBinance Wallet and the Ethereum Wallet. The hacker replaced an authentication key of the node with a public key and executed a high-volume transaction to another wallet.
Decentralized finance portals are becoming an attractive target as it has been stated that around $80B are stored and locked in decentralized finance platforms. The volumes have also increased significantly from 20% in 2020 to 60% in 2021.
PolyNetwork issued a public request to all the cryptocurrency exchanges and miners to immediately blacklist the stolen funds. The platform also requested the hackers to return the funds and it appears the hackers returned 50% of the funds to PolyNetwork. Security company Slowmist stated that the hacker’s identity has been exposed and the hacker’s email and IP address are now available to the security firm. This has revealed decentralized finance platforms or blockchains are not fully secure and it is very important to audit these platforms at the foundation stage. The PolyNetwork hack adds up to the growing concern regarding cryptocurrency and the need for regulation and uniform legitimacy.
The US Senate recently passed the infrastructure Bill proposed by the US Treasury Department. The Bill requires companies with digital assets to report to the Internal Revenue Service. The tax provision in the Bill will help raise $28B over a decade which would be used for the construction of roads and bridges.
Regulation of cryptocurrency has received attention from the Ministry of Finance in India as well. Based on the findings of an inter-ministerial panel to study issues related to virtual currencies, the RBI’s concerns about private cryptocurrency trading, and the Enforcement Directorate’s sending notices to cryptocurrency exchanges that violate FEMA regulations, the recommendation is that all private cryptocurrency transactions be prohibited in India, with the exception of state-issued digital currency.
Globally, regulators have imposed pressure on cryptocurrency exchanges having no headquarters. Exchanges like Binance which were operating out of Japan and Cayman Islands have declared that they do not have licenses to operate in these jurisdictions. Binance, the world’s largest cryptocurrency exchange in volumes for spot trading has faced the glare of regulators, globally on licensing issues. It is speculated that it has ceased all its operations in European countries and in Malaysia from August 2021.
Regulator pushback and the crackdown on cryptocurrency miners in China has brought down the value of various cryptocurrencies over the course of the last three months impacting investors significantly. Domestic cryptocurrency exchanges are still hopeful and have emphasized the importance of private cryptocurrency for future developments in the country. Security and price volatility remain primary concerns. With Cryptocurrency Bill being tabled in the winter session of Parliament, we can be hopeful of some structure coming by in the space.
The monthly CryptoBlock is only for information purposes. Nothing contained herein is, purports to be, or is intended as legal advice and you should seek legal advice before you act on any information or view expressed herein.
Endeavoured to accurately reflect the subject matter of this alert, without any representation or warranty, express or implied, in any manner whatsoever in connection with the contents of this. This isn’t an attempt to solicit business in any manner.
Sources – Investopedia, CNBC, MoneyControl