Series of DeFi attacks sees Neko Network latest to fall victim as Poly Network offers hacker $500K reward

Neko Network has been attacked even before the dust has settled on the biggest hack in DeFi history, the Poly Network hack. According to SlowMist blockchain security firm, Neko Network suffered a loss of stablecoins worth over $2 million. Specifically, the hacker’s address received 2 million USDT, 390,000 BUSD, and 1BTCB.

Thereafter, the attacker(s) used PancakeSwap on the Binance Smart Chain (BSC) to exchange the stolen stablecoins with BNB. Out of the total 6,390 BNBs drained, 2,871 have been returned. That said, the hacker’s actions afterwards did not indicate any intentions of returning the full amount. The hacker has been transferring 100 BNB at a time to Tornado Cash, to mix coins. As of Friday, the hacker’s address had 2020 BNB out of the remaining 3,519 BNB.

Neko Network and DeFi hacks

Notably, the hacker exploited a loophole found on Neko Network’s lending protocol on BSC. The attacker mortgaged assets in the name of the users then transferred borrowed funds directly to their address. Following the attack, Neko Network froze its asset pools. A time-lock setting makes it take 24 hours to develop a fund pool and raise funds for that pool.

Still this week, the DAO Maker crowdfunding platform was struck with a hack of more than $7 million. The hacker(s) managed to rob USDC from user’s top-up accounts and replaced it with about 2,261 ETH, Wu Blockchain reports.

It is widely believed that the hacker substituted ETH for USDC since USDC’s parent organization Circle can easily freeze assets. In association with the recent Poly Network attack, Tether froze nearly $35 million USDT.

According to one estimate, between 9,000-10,000 USDC accounts may have been affected by the DAO Maker hack. Users have already reported missing their pre-funding deposits but DAO Maker is yet to make any official statements.

On Tuesday, a hacker(s) stole roughly $610 million worth of cryptocurrencies from the Poly Network. The hacker has since returned most of the stolen assets though in small bits. Nevertheless, in a published digital note to the Poly team, the hacker repeatedly mocked their security protocol. Additionally, the attacker claimed to have had the ability to even siphon billions if “Shitcoins” were included in the heist.

Now, Poly Network is offering the hacker a $500,000 bounty as a reward for exposing security vulnerabilities. Referring to the hacker as a “white hat”, the network expressed gratitude to him/her for “helping to improve” its security.

Polynetwork stated that it will provide a legal bonus of US$500,000 for hackers' "white hat behavior".
— Wu Blockchain (@WuBlockchain) August 12, 2021

Experts claim that returns were done due to convenience issues since laundering stolen crypto requires more effort than theft. Others, yet, suggest that the hacker backtracked for fear of exposure and prosecution after researchers unearthed some identifying info.

Nonetheless, the series of attacks raise concerns over the security pitfalls of the DeFi market despite its explosive growth. The DeFi network has been attacked month after month, mostly due to internal flaws. A hacker confidently flaunting the ability to steal billions just because it is fun only taints the DeFi picture more.