Tech News Briefing

Hackers stole more than $600 million worth of cryptocurrencies from the decentralized finance platform Poly Network. DeFi has been gaining popularity among users of digital assets, but heists and scams raise questions about the safety of these networks. Reporter Anna Hirtenstein joins host Zoe Thomas to discuss what happened and the implications for the unregulated DeFi market.

Full Transcript

This transcript was prepared by a transcription service. This version may not be in its final form and may be updated.

Zoe Thomas: This is your Tech News Briefing for Thursday, August 12th. I'm Zoe Thomas for the Wall Street Journal. Hackers have pulled off a major crypto heist, stealing more than $600 million worth of digital currencies from a decentralized finance platform. It's a reminder of the risks of trading on unregulated markets where theft fraud and scams are common. So how did this theft go down? What does it mean for the broader crypto market and what do the hackers have to say about it? On today's episode, our reporter, Anna Hirtenstein is here to help us break down what happened and the surprising turn it took next. That's these headlines. Samsung is rolling out two new phones with foldable screens. The Galaxy Z Fold 35G will cost $1,800, $200 less than its predecessor. The phone's 7.6 inch screen folds up like a book, revealing a screen on the front that can perform most features. A smaller model, the Galaxy Z Flip 3 will cost under a thousand dollars. It folds in half with a front screen that can display up to four app icons and it allows users to read several lines of notification and messages without opening the device. Samsung's last attempt at a foldable phone a couple of years ago failed to catch on with consumers who questioned the product's durability and price. The company hopes as the economy reopens and more consumers try out the phones in stores, they'll be more likely to buy them. A bipartisan group of senators introduced a bill on Wednesday that would impose new rules for app stores. The measure called the Open Apps Market Act aims to increase competition and consumer protection and address longstanding concerns by developers such as in-app payments. It comes as lawmakers questioned the growing power of tech companies, including the dominance Apple and Google have in the mobile ecosystem. Google declined to comment on the legislation. Apple said its app store connects developers and customers in a safe and trustworthy way. And online used car retailer, Carvana won't be able to sell cars in Raleigh, North Carolina for a while after the state temporarily suspended its dealer license there. A state investigation determined Carvana failed to deliver titles to the Motor Vehicle Department and sold cars without state inspections. Along with the suspension which goes into late January, the company also agreed to pay a small civil penalty and administrative fee according to court documents. All right, coming up, hackers stole around $600 million in cryptocurrencies. We'll tell you how it happened and why it's different from other high profile crypto heists. After the break. Earlier this week, hackers stole cryptocurrencies worth more than $600 million from Poly Network, a decentralized finance or DeFi platform. It's one of the largest crypto heists in recent years, joining the ranks of infamous crypto hacks, including Mt. Gox in 2014 where around $400 million in Bitcoin was stolen, and Coincheck in 2018 where hackers took around 550 million in digital assets. Authorities in those cases were able to make arrests eventually, but police often struggled to understand these crimes and what was even stolen. The risk for crypto holders only grows as the market for cryptocurrencies gets bigger and more complex. Joining us to discuss this is our reporter, Anna Hirtenstein. Hi Anna.

Anna Hirtenstein: Hey, Zoe. Good to be here.

Zoe Thomas: Anna, so let's start with a little background. Decentralized finance is still pretty new and for a lot of people, they're just learning about it. Can you tell us what DeFi is and what it's used for.

Anna Hirtenstein: As you said, DeFi stands for decentralized finance. It's a term that includes companies that offer financial services on public blockchains. So just like regular banks, they do things like lending out assets, derivative contracts and provide financial services. And investors often use these to borrow against their crypto holdings and amplify their bets.

Zoe Thomas: All right. So let's talk a little bit about what happened with Poly Network. When I think of a heist, I definitely have an Ocean's 11, bad guys repelling into bank vaults kind of image in my head, but I imagine that isn't exactly how you'd break into a crypto network. So how does this work?

Anna Hirtenstein: What happens is that when you break into a crypto network, you gain control over a blockchain address and through this, you can then transfer assets. So in this case, a hacker was able to access Poly Network's blockchain addresses. They did this through something called exploiting a vulnerability between contract calls. Speaking to a security experts, this is when they found a vulnerability when two programs were automatically executing transactions on the blockchain at the same time and they did this through splitting the open source code. And through this, they're able to make these transfers.

Zoe Thomas: What does this mean for users of Poly Network? If my money was stolen from a bank, it would be insured up to a certain amount. Are they likely to get any money back?

Anna Hirtenstein: The crypto market is unregulated. There isn't the same insurance system as with regular finance. However, interestingly and kind of amazingly, in this case with this hack, the hackers are returning the assets. As you said, they stole around $600 million worth of cryptocurrency assets and they've still given back around $260 million worth of assets.

Zoe Thomas: So wait a minute, the hackers are giving the money back? Have they said why?

Anna Hirtenstein: Actually in a series of posts which are linked to transactions on the blockchain, they have been doing a kind of self Q&A where they've been responding to questions and one of them was, why are you returning the money? And they said that was always the plan. They wanted to essentially expose vulnerabilities in the network, that they're negotiating with the Poly Network team and that they want to give them tips on how to secure their networks. So allegedly returning the money was always the plan.

Zoe Thomas: Okay. So they're commenting on the heist. What about- (crosstalk) finding the people behind it? Is there any way to track them down?

Anna Hirtenstein: Transparent and very untransparent. It's very easy to see where the different assets are transferred from, you can see when they go from A to B, because it's all on a public ledger, you can see which address it's gone to. However, who actually controls these addresses is a mystery. So in terms of identifying people in situations like this, it is really difficult.

Zoe Thomas: $600 million is a huge amount of money. When hackers stole money from Mt. Gox in 2014, it affected the price of Bitcoin. Have there been any ripple effects here?

Anna Hirtenstein: Surprisingly not really in the market. For example, Ether is one of the main cryptocurrencies that was involved in this hack and they are, price-wise pretty stable. So they actually went up a little bit (inaudible) yesterday. So there hasn't really been a ripple effect in the market.

Zoe Thomas: What about regulators? Gary Gensler, the head of the Securities and Exchange Commission recently talked about wanting to regulate DeFi. Will this incident give the regulators more fuel?

Anna Hirtenstein: Well, the cryptocurrency market is rife with incidents like this. There's a lot of scams. There's a lot of fraud. There's a lot of theft. So a really big high profile case like this might add fuel to the fire and might make regulators more motivated to get involved.

Zoe Thomas: All right. That's our reporter, Anna Hirtenstein. Anna, thanks for joining us.

Anna Hirtenstein: Thanks so much.

Zoe Thomas: And that's it for today's Tech News Briefing. You can always find more tech stories on our website, wsj.com. And if you like our show, please rate and review it. You can do that wherever you get your podcasts. I'm Zoe Thomas for the Wall Street Journal. Thanks for listening.