Cross-chain decentralized finance platform provider Poly Network has been hacked with more than $600 million in cryptocurrency stolen.

The Poly Network provides a service that offers interoperability among multiple blockchains. It allows users to exchange digital assets such as cryptocurrency between various blockchains with support for bitcoin, Ethereum, Neo, Onotology, Elrong, Zilqa and various others.

The company announced the hack on Twitter earlier today, saying it involved the theft of Binance Chain, Ethereum and 0xPolygon assets. The exact figure stolen varies among reports, with estimates as high as $611 million.

According to The Block, the root cause of the hack was a cryptography issue, which is said to be not usually the case in hacks such as this. The SlowMist security team dives deeper into the hack and describes it as exploiting functions to pass carefully constructed data to modify contracts on Poly.

The size of the hack and subsequent theft is believed to be the largest to date involving a company focusing on DeFi. Various companies in the cryptocurrency and DeFi community were quick to offer help.

Tether has blacklisted the use of the stolen Ethereum to purchase USDT and has called on others to blacklist tokens coming from a wallet known to belong to the attacker. The OKEx exchange is also on the case and is watching the flow of coins from the hack.

The hacker’s identity is not known, but the actions can and have been traced across public blockchains. Bleeping Computer reported that the hacker sent someone who provided a tip warning about not transferring the stolen Ethereum to UDST 13.37 Ethereum. That person then donated parts of those funds to Binance Charity, Archive.org, Ethersane and infura.io.

“With cryptocurrency relying on blockchain and cryptography, the finances’ transactions are all electronic and thus are susceptible to cyberattacks, vulnerabilities or attempts to bypass the security controls,” James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “Whether reverse-engineering the cryptography or attacking the source, cybercriminals continue to find ways to circumvent controls to steal money for their financial gain and ruin the customers’ portfolios.”

That demonstrates that users should maintain offline wallets to protect a large portion of their investments rather than having them all in one location and risk losing their entire investment through a data breach or attack, McQuiggan added.

Image: Poly Network