The attack was detected by blockchain ecosystem security platform SlowMist, indicating that the hack targeted Polkatrain contract with swap functionality and rebate mechanism dubbed POLT_LB. The analysis adds that the attackers took advantage of the flaws in the system’s update function. In this case, when users purchase the Polkatrain native token PLOT, they are eligible for a certain amount of rebates. The system’s design sends the rebates through the transfer function, where the update function takes over. SlowMist explains the flaws in the update function that the attackers explored. According to the cybersecurity company:
Polkatrain confirms hack
Elsewhere, Polkatrain in a statement confirmed the incident stating that it will follow up in the coming days. The platform revealed that the name of the hacker has already been identified as Mr. Jiang. Interestingly, Polkatrain did not specify the amount lost through the hack. Furthermore, the platform urged the hacker to return the stolen funds or risk arrest from authorities in China. The attack contributes to the total cumulative funds lost in blockchain hacks, with SlowMist placing the total figure around $14.5 billion.
