Crypto Hacks and Scams — #1 on the list

inSure DeFi
4 min read · Dec 6, 2021

You own, invest, and stake your crypto to develop your wealth, but this Web 3.0 ecosystem, although transparent, is completely unregulated. It is the Wild Wild West, and everyone is fending for themselves. So how do you gain peace of mind that, if someone simply takes your digital finances, you could get them back? Insurance. Period.


We have encountered many who ask “what is the real need for an insurance token?” or “why would I need such protection for my ‘de-finances’, given the various wallet security measures, mnemonic/recovery phrases and authentications protecting my wallets or holdings?”

Well, it is a fact of life that there is always risk, and these risks are especially pronounced in the unregulated Web 3.0 ecosystem.

So let’s take a brief look at some fairly big hacks and scams documented by Rekt and how they were executed, and you might then just think again:

At #1: ~$611,000,000 stolen funds from Poly Network.

Until the Poly Network hack, the biggest crypto heist was the notorious Mt Gox hack: the most renowned bitcoin exchange at the time, located in Japan, was stripped of approximately 850,000 BTC (which today has a value of around $50 billion USD). That was the biggest heist, until 2021.

In August, 2021, Poly Network suffered what is today known as the world’s biggest ‘present-day-value’ crypto heist.

Reason for loss: exploitation of Poly Network’s ‘Proxy Lock Contracts’ across three different blockchains. Poly Network’s notably “lax” cross-chain relay contract logic and data management allowed the hacker to call the very important “EthCrossChainData” contract, a call the logic should have prevented. The hacker could then undertake some data crafting and trickery to work around certain cross-chain data checks and owner checks within the logic, enabling public key alteration and completing the contract hack. The stolen funds are tabled below:

Numbers of the stolen funds directly after the hack, adapted from Rekt
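The design flaw described above, as an added illustration rather than Poly Network's contract code: a small Python model in which a relay manager that owns a privileged data contract forwards relayed calls to any target, next to a variant that only forwards to registered target/method pairs. All class, method and key names here (`DataContract`, `LockProxy`, `RelayManager`, `set_keys`, `unlock`, `keeper-key`) are hypothetical and constructed for the example.

```python
class DataContract:
    """Privileged store (the role EthCrossChainData plays in the text): holds the
    public keys that validate cross-chain messages; only its owner may change them."""
    def __init__(self, owner, keys):
        self.owner, self.keys = owner, list(keys)

    def set_keys(self, caller, keys):
        if caller is not self.owner:              # owner check
            raise PermissionError("only owner may change keys")
        self.keys = list(keys)


class LockProxy:
    """Asset proxy: the intended destination of relayed calls."""
    def __init__(self):
        self.unlocked = []

    def unlock(self, caller, to, amount):
        self.unlocked.append((to, amount))


class RelayManager:
    """Executes relayed messages and also owns the data contract, so anything
    it forwards there passes the owner check."""
    def __init__(self, allowed=None):
        self.allowed = allowed    # {target: {methods}}; None models the lax logic

    def execute(self, target, method, *args):
        # Message proof/signature verification is out of scope for this model.
        if self.allowed is not None and method not in self.allowed.get(target, ()):
            raise PermissionError("relayed call to unregistered target/method")
        return getattr(target, method)(self, *args)


def demo(hardened):
    """Relay one legitimate unlock and one call aimed at the data contract."""
    proxy = LockProxy()
    manager = RelayManager({proxy: {"unlock"}} if hardened else None)
    data = DataContract(manager, ["keeper-key"])      # constructed sample value
    manager.execute(proxy, "unlock", "alice", 5)      # normal traffic still works
    try:
        manager.execute(data, "set_keys", ["replaced-key"])
        blocked = False
    except PermissionError:
        blocked = True
    return data.keys, blocked, proxy.unlocked


if __name__ == "__main__":
    print("lax:     ", demo(False))
    print("hardened:", demo(True))
```

The owner check alone does not help in the lax case, because the relay manager is itself the owner; the protection comes from restricting which contracts and methods a relayed message may reach.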

Following the heist, the hacker entertainingly engaged in public communications, such as asking how best to launder the funds as well as handing out significant donations for advice given. Surprisingly, it seemed at one point that the hacker had mistakenly KYC’d his wallet addresses, which then resulted in a shift in attitude, followed by the commencement of the return of stolen funds by the hacker.

Since the event, Poly Network has issued multiple media releases stating that all stolen funds have been returned; even the ~$30M of USDT that was locked was eventually unfrozen and released back to legitimate holders.

Reading through the original Twitter thread reveals mixed opinions on whether the “rug was pulled” and an inside job was the cause, or whether a legitimate outsider made the move. Irrespective of this, the fact is that the error was exploited and community members/token holders suffered a financial hit, not to mention the damage to Poly Network’s reputation.

Coin Bureau pointed out one interesting observation from the event: “And while the headlines about a hack are always sensational, that very blockchain technology was used to trace the hacker. Funds are being returned as he / she knows there is nowhere to go. Try tracing fiat cash like that”, as if to promote the benefits of blockchain transparency. It seemed to be true, as only a few days after the hack, all the funds were apparently returned — suggesting the hacker either had good intent at heart, or, realised some in escaping unscathed.

These events remind us how “new” the Web 3.0 space is, how “wild” crypto can be, and how important it is that individuals and established projects keep their funds secured and distributed across various platforms for optimal stability of portfolios and wallets and, most importantly, healthy decision-making by all people and projects within the DeFi ecosystem.

Ultimately, what is one potential risk mitigation method for individual token holders and DeFi communities in order to avoid the consequences of such events? DeFi insurance is one sure way that your DeFi investments, portfolios and projects are supported and compensated, if need be, by a trusted, distributed, secure and transparent community.

Nobody’s de-finances are 100% safe in the current wild web 3.0 crypto space. Insure with #SURE.

Be part of the inSure DeFi community.

About inSure DeFi

inSure DeFi is a Decentralized Insurance Ecosystem, partnered with Chainlink, trusted by thousands of community members to protect their crypto portfolios from scams, exchange closures, and drastic devaluations. inSure DeFi provides insurance solutions for the crypto space to stabilize and secure Crypto & DeFi portfolios.

Fast. Transparent. Future.
