Incident: Cryptocurrency Theft: Poly Network and Bitmart Hacks in 2021

Published Date: 2021-08-11

Postmortem Analysis
Timeline
1. The software failure incident involving the theft of $600 million in cryptocurrency from Poly Network happened in the summer of 2021 [Article 122198].
2. The software failure incident involving hackers stealing over $3.1 billion in cryptocurrency occurred on August 11, 2021 [Article 117881].

System
1. Poly Network's system vulnerability [117841, 117881]
2. Hot wallets used by centralized exchanges like Bitmart [122198]
3. DeFi software applications due to coding errors or design issues [122198]

Responsible Organization
1. Hackers were responsible for causing the software failure incident at Poly Network, stealing $600 million in cryptocurrency [Article 117841, Article 117881].
2. Unidentified hackers were responsible for causing the software failure incident at Bitmart, stealing at least $150 million in cryptocurrency [Article 122198].

Impacted Organization
1. Poly Network [117841, 117881, 122198]
2. Tether [117841]
3. Binance [117841, 117881, 122198]
4. Bitmart [122198]
5. Coincheck [122198]
6. Badger DAO [122198]

Software Causes
1. Vulnerability in the Poly Network software allowed hackers to steal cryptocurrency funds [117841, 117881].
2. Exploitation of a vulnerability in the Poly Network system by hackers [117881].
3. Coding errors or design issues in DeFi software applications, such as Poly Network and Badger DAO, leading to hacks [122198].

Non-software Causes
1. Lack of cybersecurity measures and vulnerabilities in the system that allowed hackers to exploit and steal funds [117841, 117881, 122198]
2. Inadequate oversight and regulation of cryptocurrency platforms by regulatory bodies like the SEC, leading to insufficient protection for investors [117841, 117881]
3. Lack of coordination and interoperability between different blockchain platforms, making it challenging for them to work together effectively [117881]
4. Growing complexity and vulnerabilities in decentralized finance (DeFi) services due to coding errors or design flaws in applications [122198]

Impacts
1. The software failure incident involving the hack on Poly Network resulted in the theft of approximately $600 million in cryptocurrency, making it one of the largest thefts in the industry's history [117841, 117881].
2. The incident led to significant financial losses for tens of thousands of crypto community members whose funds were stolen by the attacker [117841, 117881].
3. Following the hack, there was a call for other members of the cryptocurrency ecosystem to blacklist the assets coming from addresses used by the attacker to prevent further siphoning of funds [117841].
4. The hack on Poly Network highlighted vulnerabilities in decentralized finance platforms, raising concerns about the security of such systems and the need for increased scrutiny from regulators [117841, 117881].
5. The incident also shed light on the challenges faced by DeFi services in terms of security, with coding errors or design flaws being potential factors leading to such hacks [122198].
6. The hack on Poly Network and other similar incidents underscored the importance of users taking proactive measures to protect their digital assets, such as using hardware wallets, two-factor authentication, and scrutinizing the security measures of crypto service providers [122198].

Preventions
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and code reviews to identify and patch vulnerabilities in the software [117841, 117881, 122198].
2. Utilizing multi-factor authentication and hardware keys for enhanced security when accessing crypto accounts [122198].
3. Enforcing approval for all crypto withdrawals and whitelisting addresses to restrict fund transfers to authorized recipients only [122198].
4. Using hardware wallets for cold storage of cryptocurrency assets to reduce the risk of theft [122198].

Fixes
1. Implementing robust security measures such as two-factor authentication, hardware keys, and whitelisting addresses to enhance the protection of crypto assets [Article 122198].
2. Conducting thorough code reviews and security audits to identify and address vulnerabilities in DeFi software applications [Article 122198].
3. Enhancing cybersecurity protocols and resources to cover potential hacks and ensure compensation for impacted users [Article 122198].
4. Utilizing hardware wallets for cold storage of crypto assets to increase security and reduce the risk of theft [Article 122198].
5. Strengthening regulatory oversight and enforcement to deter cybercriminal activities in the cryptocurrency space [Article 117841, Article 117881].

References
1. Poly Network
2. Chainalysis
3. Binance
4. SEC
5. Bitmart
6. Elliptic
7. Comparitech
8. Badger DAO
9. TRM Labs
10. IRS Criminal Investigations Cyber Unit
11. Crypto Head

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident having happened again at one_organization:
- The article [122198] mentions that over the summer, an anonymous hacker stole roughly $600 million in cryptocurrency from Poly Network, a decentralized finance network. This incident was followed by another hack where hackers stole at least $150 million from crypto exchange Bitmart. Both incidents involved significant amounts of cryptocurrency being stolen due to vulnerabilities in the systems, indicating a recurrence of software failure incidents within the cryptocurrency industry.
(b) The software failure incident having happened again at multiple_organization:
- The articles [117841] and [117881] report on separate incidents where hackers stole around $600 million in cryptocurrency from the Poly Network, a decentralized finance platform. These incidents highlight a trend of hackers targeting cryptocurrency platforms and exploiting vulnerabilities to steal large sums of money. Additionally, the articles mention other past incidents in the cryptocurrency industry, such as the Coincheck attack in 2018, indicating that similar software failure incidents have occurred at multiple organizations within the cryptocurrency space.

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be seen in the articles discussing the hack on the Poly Network. The incident was attributed to a vulnerability in the Poly Network system that allowed hackers to exploit and steal cryptocurrency funds [117841, 117881]. This vulnerability was a design flaw within the system that the hackers were able to exploit, leading to the significant theft of funds.
(b) The software failure incident related to the operation phase is evident in the articles discussing the hacks on centralized exchanges and decentralized finance (DeFi) services. Centralized exchanges storing assets in "hot wallets" connected to the internet were targeted by hackers due to their potential vulnerability [122198]. Additionally, DeFi services like Poly Network and Badger DAO were also targeted due to coding errors or design issues in their applications, which allowed hackers to exploit vulnerabilities and steal funds [122198]. These operational weaknesses in the systems made them susceptible to hacking incidents.

Category: Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) within_system: The software failure incident involving the theft of cryptocurrency from Poly Network was primarily due to vulnerabilities within the system itself. The hackers exploited a vulnerability in Poly Network's system to steal the funds, as mentioned in both Article 117841 and Article 117881. The incidents highlight how weaknesses within the software or platform can lead to significant security breaches and financial losses.
(b) outside_system: The software failure incident also involved contributing factors that originated from outside the system. For example, the hackers who exploited the vulnerabilities in Poly Network's system were external actors who targeted the platform from the outside. Additionally, the incidents were influenced by the broader cryptocurrency ecosystem, regulatory scrutiny, and the actions of other entities such as Tether and Binance, as mentioned in the articles. These external factors played a role in shaping the context and impact of the software failure incident.

Category: Nature (Human/Non-human)
Option: non-human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions:
- In the incident involving the theft of $600 million in cryptocurrency from Poly Network, the hack was attributed to a vulnerability in the Poly Network software that allowed the thief to steal the funds. The hacker exploited a vulnerability in the system, indicating a non-human action leading to the failure ([117841], [117881]).
- The hack on Bitmart, where hackers stole at least $150 million in cryptocurrency, was also a result of unidentified hackers using a stolen private key to open "hot wallets" and extract funds. This incident highlights a non-human action contributing to the software failure ([122198]).
(b) The software failure incident occurring due to human actions:
- The articles do not specifically mention any human actions contributing to the software failure incidents reported in the context of the cryptocurrency thefts from Poly Network and Bitmart. The focus is primarily on the vulnerabilities in the systems that were exploited by hackers, indicating non-human actions as the primary contributing factor.

Category: Dimension (Hardware/Software)
Option: software
Rationale:
(a) The software failure incident occurring due to hardware:
- There is no specific mention of the software failure incident in the provided articles being attributed to hardware issues. The incidents discussed primarily revolve around hacks and thefts in the cryptocurrency space, with the focus on vulnerabilities in software systems rather than hardware-related failures.
(b) The software failure incident occurring due to software:
- The software failure incidents discussed in the articles are primarily attributed to vulnerabilities and weaknesses in software systems. For example, the theft of cryptocurrency from Poly Network and Bitmart was a result of hackers exploiting vulnerabilities in the software systems of these platforms [117841, 117881, 122198].
- The incidents highlight how hackers targeted centralized exchanges and decentralized finance services due to vulnerabilities in their software systems, such as coding errors or design flaws in applications [122198].
- The article also mentions that the recent hacks in the cryptocurrency space are often a result of vulnerabilities in the software being exploited by hackers, indicating that weaknesses in the code of these platforms make them susceptible to exploitation [122198].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident reported in the articles is malicious. Hackers targeted the decentralized finance platform Poly Network and stole a significant amount of cryptocurrency, totaling around $600 million [Article 117841, Article 117881, Article 122198]. The hackers exploited vulnerabilities in the system to carry out the theft, indicating that the failure was due to contributing factors introduced by humans with the intent to harm the system. The incident involved sophisticated attacks on crypto platforms, highlighting the malicious nature of the software failure.

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions, accidental_decisions
Rationale:
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident involving the theft of cryptocurrency from Poly Network was due to a vulnerability in the platform that allowed hackers to steal funds [117841, 117881].
- The hackers exploited a vulnerability in the system of Poly Network, leading to the theft of thousands of digital tokens like Ether [117881].
- The incident involved a hacker exploiting a "vulnerability between contractual links" within Poly Network [117881].
- The hack on Poly Network was described as a result of a vulnerability that was exploited by the hacker [117881].
- The incident was characterized by the hacker exploiting a weakness in the code of the platform, leading to the theft of funds [122198].
(b) The intent of the software failure incident related to accidental_decisions:
- The hacker behind the Poly Network theft claimed to have hacked the platform "for fun :)" and as a challenge, indicating a potentially accidental or unintended motive behind the attack [117841].
- The hacker mentioned that they undertook the attack to expose the vulnerability before any insiders could exploit it, suggesting a motive beyond malicious intent [117841].
- The hacker expressed a desire to "save the world" by exposing the vulnerability they exploited, indicating a potentially unintended consequence of their actions [117841].
- The incident highlighted that vulnerabilities in the code of DeFi services like Poly Network can be exploited due to coding errors or design issues, leading to unintended security breaches [122198].

Category: Capability (Incompetence/Accidental)
Option: accidental
Rationale:
(a) The software failure incident occurring due to development incompetence:
- The articles do not provide specific information indicating that the software failure incidents related to the cryptocurrency thefts from Poly Network and Bitmart were due to development incompetence by humans or development organizations. The incidents were primarily attributed to vulnerabilities in the systems that were exploited by hackers [117841, 117881, 122198].
(b) The software failure incident occurring accidentally:
- The articles mention that the cryptocurrency theft incidents from Poly Network and Bitmart were a result of hackers exploiting vulnerabilities in the systems, indicating that the failures were accidental in nature rather than intentionally caused by the development teams [117841, 117881, 122198].

Category: Duration
Option: temporary
Rationale:
(a) The software failure incident in the articles was temporary. In the incident involving the Poly Network, hackers stole a significant amount of cryptocurrency, but the platform was able to establish addresses for the attacker to return the money. As a result, a substantial portion of the stolen funds was returned [117841, 117881]. Additionally, in the case of the Bitmart hack, hackers stole funds from the exchange, indicating a temporary breach that allowed the extraction of funds [122198]. These incidents highlight temporary failures where the vulnerabilities were exploited for a limited period before actions were taken to address the breaches.

Category: Behaviour
Option: crash, omission, value, other
Rationale:
(a) crash:
- Article 117841 reports a software failure incident where hackers stole $600 million in cryptocurrency from the decentralized finance platform Poly Network. The incident led to a crash in the system's functionality as it lost state and was unable to perform its intended functions due to the theft.
- Article 122198 mentions a similar incident where an anonymous hacker stole roughly $600 million in cryptocurrency from Poly Network, leading to a crash in the system's operation.
(b) omission:
- Article 117841 describes how a vulnerability in Poly Network allowed a thief to steal funds, indicating an omission in the system's security measures that led to the theft.
- Article 117881 reports on hackers exploiting a vulnerability in the Poly Network system to steal digital tokens, highlighting an omission in the system's defenses.
(c) timing:
- There is no specific mention of a timing-related failure in the provided articles.
(d) value:
- Article 117841 mentions that the hacker stole a significant amount of money from tens of thousands of crypto community members, indicating a value-related failure where the system performed its functions incorrectly by allowing the theft to occur.
- Article 117881 also discusses how hackers stole a substantial amount of money from the Poly Network, representing a value-related failure in the system's operation.
(e) byzantine:
- There is no specific mention of a byzantine-related failure in the provided articles.
(f) other:
- The other behavior observed in the software failure incidents reported in the articles is a security breach leading to unauthorized access and theft of funds from the Poly Network platform. This breach resulted in a significant financial loss and disruption of operations, showcasing a security-related failure in the system's design and implementation.

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category: Consequence
Option: property
Rationale:
(d) property: People's material goods, money, or data was impacted due to the software failure
The software failure incident described in the articles led to a significant financial impact on individuals and organizations involved in the cryptocurrency ecosystem. In the case of the Poly Network hack, hackers stole around $600 million in cryptocurrency, affecting tens of thousands of crypto community members [117841]. Similarly, in another incident, hackers stole approximately $600 million in cryptocurrency from the Poly Network, leading to one of the largest cryptocurrency thefts in history [117881]. Additionally, hackers stole at least $150 million from the crypto exchange Bitmart by using a stolen private key to extract funds from "hot wallets" [122198]. These incidents highlight how software failures in the form of hacks can result in substantial financial losses for individuals and entities involved in the cryptocurrency space.

Category: Domain
Option: finance
Rationale:
(a) The failed system in the articles is related to the finance industry, specifically the decentralized finance (DeFi) sector. The incidents involved the theft of cryptocurrency from platforms like Poly Network and Bitmart, highlighting vulnerabilities in the DeFi ecosystem [117841, 117881, 122198].
(h) The software failure incident was directly related to the finance industry, as hackers targeted decentralized finance platforms to steal significant amounts of cryptocurrency [117841, 117881, 122198].
