In August 2021, Poly Network, a decentralized finance (DeFi) platform, suffered one of the largest cryptocurrency heists in history. Hackers exploited a critical vulnerability in its smart contract calls, specifically targeting the cross-chain bridge mechanism that facilitates asset transfers between blockchains. This flaw allowed unauthorized transfers, resulting in the theft of $610 million in cryptocurrencies, including Ethereum (ETH), Binance Smart Chain (BSC), and Polygon (MATIC) tokens. The attack exposed weaknesses in governance security and contract call permissions, where the hacker manipulated roles to execute the exploit.Following the breach, Poly Network engaged in public negotiations with the attacker—including a widely shared open letter titled ‘Dear Hacker’—urging the return of funds. Surprisingly, the hacker began returning the stolen assets in phases, citing ethical concerns and the high-profile nature of the incident. While most funds were recovered, the attack underscored systemic risks in DeFi, particularly around cross-chain bridges, smart contract audits, and decentralized governance. The incident prompted industry-wide calls for stricter security protocols, including mandatory audits, bug bounties, and resilient multisig controls to prevent similar exploits.