Poly Network hackers respond to everything with 12 questions and answers: For fun, I want to provide network security tips for the project
In the early morning of August 12, the hacker who attacked Poly Network posted a question and answer, answering a series of questions such as why the attack was carried out, why they chose to attack the Poly Network, and why they repaid the loan.
1. Question: Why do you want to attack?
Answer: For fun :)
2. Q: Why choose PolyNetwork?
Answer: Cross-chain attacks are very popular.
3. Question: Why do you want to transfer tokens?
Answer: To ensure safety.
When I found an error, I had a mixed feeling. Ask yourself, what should you do if you face so much wealth. Politely ask the project team so they can solve the problem? Anyone can become a traitor! I can’t trust anyone! The only solution I can think of is to save it in a trusted account while keeping myself anonymous and safe.
Everyone smells conspiracy now. The inner ghost? Not me, but who knows? It is my responsibility to expose the loopholes before any insiders hide and use it!
4. Question: Why is it so complicated?
Answer: Poly Network is a good system. This is one of the most challenging attacks that hackers can enjoy. I have to quickly defeat any insiders or hackers, I take it as a reward challenge :)
5. Q: Are you exposed?
Answer: No. no way. I understand that even if I don’t do evil, I risk exposing myself. So I used temporary email, IP or so-called fingerprints, which are untraceable. I would rather stay in the dark to save the world.
6. Q: What happened 30 hours ago?
Answer: It’s a long story.
Believe it or not, I was forced to play this game.
Poly Network is a complex system, and I did not manage to establish a local test environment. I failed to make a POC at first. However, just before I gave up, the AHA moment came. After debugging all night, I made a SINGLE message for the ontology network.
I plan to launch a cool blitz to take over the four networks: ETH, BSC, POLYGON, and HECO. However, something went wrong with the HECO network! The behavior of the repeater is different from other repeaters. The administrator just relayed my exploit directly, and the key has been updated to some wrong parameters. It ruined my plan.
I should stop at that moment, but I decided to let the show continue! What if they secretly patch the vulnerabilities without any notice?
However, I don’t want to cause a real panic in the crypto world. So I choose to ignore junk coins, so people don’t have to worry about them going to zero. I took important tokens (except SHIB) and did not sell any tokens.
7. Question: Why do you want to sell/convert those tokens?
A: The initial response from the POLY team made me very angry.
Before I had a chance to reply, they urged others to blame and hate me! Of course I know that there are fake DEFI tokens, but I didn’t take it seriously because I have no money laundering plan.
At the same time, depositing in Curve can earn some interest to cover potential costs, so that I have more time to negotiate with the Poly team.
8. Question: Why do I need to tip 13.37 ETH?
Answer: I feel the warmth of the Ethereum community.
I am busy investigating HECO issues and debugging my scripts. I think this is a network problem, why can’t I make a deposit (I am behind a complicated agent). So I shared my kindness with that guy.
9. Question: Why do you want to ask TORNADO and DAO?
A: Having witnessed so many hacking attacks, I know that investing money in TORNADO is a wise but desperate decision. This goes against my original intention. After meeting so many beggars, being a crowdsourcing hacker is just my joke :)
10. Q: Why refund?
Answer: This has always been the plan! I am not very interested in money! I know people can be painful when they are attacked, but shouldn’t they learn something from these hackers? I announced the refund decision before midnight, so people who believe me should take a good rest;)
11. Q: Why is the refund so slow?
A: I do need time to talk to the POLY team. Sorry, this is the only way I know of to prove my dignity while hiding my identity. I need a break.
12. Q: The Poly Network team?
Answer: I have started a short conversation with them, and the log is on Ethereum. I may or may not publish them. The pain they suffered was temporary, but unforgettable.
I want to provide them with tips on how to protect their network security so that they are eligible to manage $1 billion projects in the future. Poly Network is a well-designed system that will handle more assets. They have a lot of new fans on Twitter, right?
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/poly-network-hackers-respond-to-everything-with-12-questions-and-answers-for-fun-i-want-to-provide-network-security-tips-for-the-project/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.