Poly Network hack: the largest DeFi hack to date. How to monitor the funds?

Key takeaways:

  • Poly Network suffered a hack that is said to be the largest one in DeFi history.
  • After establishing communication with the hacker, Poly Network started to receive some of the stolen funds back.
  • In such cases, blockchain analytics tools are very useful to track and monitor the coins.

Poly Network is a cross-chain protocol acting as a bridge on the Ethereum, Binance, and Polygon blockchains and allowing users to transfer funds from one blockchain to another.

On Tuesday 10, 2021, it announced1 on its Twitter account that a hacker struck the 3 chains in a row, namely Ethereum, Binance, and Polygon blockchains stealing large amounts of funds.

The hack is said to be the largest one in the (DeFi) industry with around $610 million stolen in various cryptocurrencies including ETH and tokens such as DAI or USDT for instance.

Poly Network team was able to identify three wallet addresses belonging to the hacker and reported them on Twitter:

  • ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
  • BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
  • Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214

After a preliminary investigation from Poly Network2, the hacker is reported to have taken advantage of a vulnerability between contract calls.

Poly Network urged crypto platforms to blacklist tokens coming from the addresses above. Tether froze an equivalent of $33 million in USDT on the Ethereum chain3.

The team also started communication with the hacker asking to return the funds4 and providing a return address: 0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f5. After leaving several transaction messages, it seems that the hacker started to send back some of the stolen funds from Polygon Network6. On a screenshot posted on their Twitter account, we can read the transaction message: “You are moving things to the right direction. We received 1+M USDC on Polygon.”

As of August 12, PolyNetwork published7 on their Twitter account that the hacker, called Mr. White Hat by Poly team, transferred all the funds, except the frozen USDT, to Poly Network on a multisig wallet jointly controlled by the two. To finish the fund recovery process, Poly Network keeps communicating with the hacker to receive the final key.

This hack is the latest targeting the DeFi sector which often suffers from attacks and exploits due to its increasing popularity in the past few months. Compliance officers dealing with cryptocurrencies should thus be cautious about such funds to remain compliant.

How to monitor the funds from this hack?

As with every hack, Scorechain takes prompt action to red flag the related addresses. Scorechain flagged the address related to the Poly Network hacker on its Ethereum Platform:

  • 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963

The address is now flagged as “Hack” and has the lowest score of 1.

With Scorechain crypto compliance software, users can easily track the destination of the funds related to this hack. Scorechain users can also use risk indicators to be notified if an address has interacted with the funds. If this is the case, the risk indicator “Hack” will be triggered if it has been set beforehand by the user.

Users can also set up alerts to monitor the funds in real-time and take prompt appropriate measures if necessary. On Scorechain Ethereum platform, users can select which coins they want to monitor and define their custom conditions for the alert to be triggered.

Scorechain solution also comes with tools like the Case Manager, KYA/KYT reports, the Entity Directory that allows compliance officers to implement a comprehensive risk-based approach to crypto transaction monitoring.

Lately the DeFi sector has been targeted by several hackers. Such funds have a very high money laundering risk and should be treated carefully by compliance officers. Having tools in place such as Scorechain solution is an easy way to mitigate these risks and comply with crypto AML/CFT requirements worldwide.

Don’t hesitate to reach out to get a demo and a free trial and discover how Scorechain can help your business to be compliant.

About Scorechain

Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance since 2015, the Luxembourgish company serves more than 100 customers in 37 countries, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets customers onboarding, audit and law firms and some LEAs.

Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger and Tezos. The software can de-anonymize the Blockchain data and connect with sanction lists to provide a risk scoring on digital assets transactions, addresses and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.


  1. https://twitter.com/PolyNetwork2/status/1425073987164381196
  2. https://twitter.com/PolyNetwork2/status/1425130017546149891
  3. https://twitter.com/paoloardoino/status/1425090760609832978
  4. https://twitter.com/PolyNetwork2/status/1425123153009803267
  5. https://twitter.com/PolyNetwork2/status/1425321860539949056
  6. https://twitter.com/PolyNetwork2/status/1425395278341820420
  7. https://twitter.com/PolyNetwork2/status/1425870262067548163