Skip to main content
Canada’s most-awarded newsroom for a reason
Enjoy unlimited digital access
$1.99
per week
for 24 weeks
Canada’s most-awarded newsroom for a reason
$1.99
per week
for 24 weeks
// //

Hackers stole hundreds of millions in digital assets from the obscure cryptocurrency platform Poly Network this week in a move crypto experts say shows the risky and experimental nature of an industry that is still nascent and largely unregulated.

In one of the biggest crypto thefts ever, US$600-million worth of digital assets were stolen from Poly Network, a decentralized finance – or “DeFi” – platform, on Tuesday, after hackers exploited a vulnerability that allowed them to divert the holdings out of it.

“This hacking event is an important lesson to the crypto market. It shows there are still a lot of vulnerabilities with new and unregulated parts of the crypto sector that users need to worry about,” said Justin Hartzman, co-founder and CEO of CoinSmart, a Toronto-based cryptocurrency exchange.

Story continues below advertisement

Unlike CoinSmart and other more well-known crypto companies such as San Francisco-based Coinbase and Binance, which was founded by Chinese entrepreneurs, Poly Network is not a crypto exchange – it does not facilitate the buying and selling of crypto tokens. Rather, decentralized finance platforms enable users to move digital currency from their own crypto wallets between blockchains. (A blockchain is essentially a digital ledger of transactions, and cryptocurrencies are built on them. Ethereum, for example, is a decentralized blockchain.)

Because a platform such as Poly Network merely enables users to send their own crypto tokens across different networks, and does not hold or store those tokens, any losses from a hack will be absorbed by the individual platform user.

DeFi technology has gained vast popularity and investor interest over the past few years, largely because it enables crypto-lending outside the confines of a traditional bank. For instance, someone who holds $1-million worth of bitcoin can either just store it on an exchange such as Coinbase, or use a DeFi platform to lend the bitcoin to other crypto users and earn interest of 10 per cent or more.

“If you have a bank account in Canada and you’re making 1 per cent on $100,000, you could be making 10 times that amount by placing your crypto on a DeFi platform. Beyond the interest earned, you’re seeing your crypto go up in value,” Mr. Hartzman explained.

Regulatory uncertainty can make trading stock tokens risky, experts say

Calgary fintech startup Tetra Trust becomes Canada’s first regulated custodian of crypto assets

DeFi proponents also say the technology can make lending and borrowing cheaper and more efficient, given that it eliminates middlemen and fees charged by them.

But the potential rewards of experimenting with new products within the crypto ecosystem come with significant risks, experts warn.

“There are so many projects under way in the DeFi world right now where obviously some times, there are platforms that do not take security very seriously because they are moving too fast,” said Boris Wertz, founder and partner at the Vancouver-based venture capital company Version One. The VC firm was an early investor in Coinbase, and doubled the value of one of its funds after Coinbase’s blockbuster stock market debut in April.

Story continues below advertisement

Mr. Wertz has been a crypto enthusiast for years, but even he expressed caution about engaging with certain DeFi platforms. “I think DeFi is a great financial innovation in the world of crypto and I do think it has potential, it’s just that it is early days and we don’t have much information yet about the risks,” Mr. Wertz told The Globe.

Brian Mosoff, CEO of Ether Capital , a Toronto crypto company that owns and invests in Ether, said one reason Poly Network may have been targeted by a hacker was because it is a very new platform – few developers and programmers have had a chance to analyze it and fix vulnerabilities.

“There were not enough people to battle-test the code. With Ethereum, it’s been around for a long time, there are a lot of developers fixing bugs. With newer DeFi networks, you’re really entering the Wild West,” Mr. Mosoff said.

In a peculiar turn of events, however, the hackers responsible for the Poly Network breach began giving back some of the digital money they stole, reportedly returning US$260-million worth of cryptocurrencies to the platform, according to a blog post from Chainalysis, a Japanese blockchain forensics company governments and corporations often use to track crypto hacks.

Chainalysis’s Twitter account also posted screenshots from an apparent online conversation between Poly Network and a hacker, in which the hacker claimed to have carried out the heist to “expose the vulnerability” before any other so-called “black hat” hackers took advantage of the system flaw.

Global securities regulators have increasingly shifted their attention to unregulated crypto platforms as a growing number of investors pour their money into cryptocurrencies. The Ontario Securities Commission recently barred Binance from operating in Ontario because it had failed to register with the OSC to begin the process of becoming regulated.

Story continues below advertisement

In response to a Globe query about whether the OSC has guidelines on how DeFi platforms are regulated in Canada, spokesperson Crystal Jongeward said that the Poly Network hack highlights “significant investor protection risks posed by unregistered crypto asset trading platforms.”

But Poly Network is not a crypto trading platform, and in Canada, existing rules appear only to be directed at crypto exchanges and other trading venues, not DeFi platforms.

“Of course the question everyone is asking is: How do we regulate these kinds of platforms? Regulation is definitely coming, but you have to remember that the technology is moving at a mile a minute and it is tough for regulators to keep up. Ultimately, they will have to hold DeFi platforms to a higher security standard,” said Andrew Kiguel, founder and CEO of Vancouver-based crypto company Tokens.com.

Poly Network did not immediately respond to The Globe’s request for comment. The company discloses little about itself on its website – not even its whereabouts. Some media reports have suggested the company is based in China.

Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow the author of this article:

Follow topics related to this article:

View more suggestions in Following Read more about following topics and authors
Report an error Editorial code of conduct
Tickers mentioned in this story
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies