Poly Network Hack: When the company and the hacker seek to influence stakeholders
The Crypto platform was hit by one of the largest hacks last month after $610 million in cryptocurrency was stolen. The story got a large amount of publicity prompting the question of whether the crisis cost more to the company’s reputation, than the actual hack itself?
Poly Network reported that virtually all of their crypto currency funds were stolen last week. The record breaking $613 million heist was carried out by a hacker who later returned the stolen assets. The thief claimed not to be very interested in money but instead, interested in highlighting the security failings of the platform
The network reported on Twitter that it had seen the return of their cryptocurrencies, but with the hacker's identity yet to be established, the chances of another attack to the network continue to grow. This not only generates a crisis but a reputational risk, especially for a company who pride themselves on the security of their block chain technology.
The Hacker then went online and published a multi-page Q&A session in the form of a self-interview, discussing why they hacked the network. The Q&A was embedded in the Ethereum blockchain which instantly brought the public into the crisis. Reports surface on whether the hacker did this as a way to save their reputation in light of the huge publicity around the story.
CEO and Founder of Conducttr, Robert Patterson said, “The consequence is that Business Continuity professionals need to train their organizations not just for the immediate incident, but the much larger reputational impact. This can only be done in a realistic environment that simulates the complex public information space where these battles for perception can play out.”
Cryptocurrency and the safety of blockchain technology have been in question for the past few years, especially with ongoing trend in ransomware attackers instructing companies to pay in digital currency. The anonymity of that digital currency also provides cybercriminals is almost makes them invisible after an attack. Hacks such as this only add fuel to the fire creating a sense of distrust around networks and cryptocurrency itself.
Robert went on to say, “The technical and operational issues of fixing the cyber security vulnerability could be easy or hard to fix, but it usually goes on in private and relatively quickly. However, the story about the hack, the potential for it to spin towards familiar plots like "david vs goliath" , towards "robin hood" and so on could last for weeks and months - all the while presenting ongoing opportunities for the incident to undermine the company's strategic narrative as the wider public debates the societal impact of crypto currency - so not just it's security but also its usefulness, its environmental damage, its impact on individual privacy and so on.”
With the money being returned Robert says the story becomes instantly newsworthy which creates the potential for the publicity to cost the company even more than the actual theft. This is what BC professionals need to consider when organising training and preparedness.
“In the case of the cyber theft and return, what we see is actually a battle of narratives and reputation. The hacker decides that his status & reputation matter to him and starts a narrative about his high motives for the crime. For the company, even though they might yet get their money returned, the reputational damage about their security remains. And we see the company having to negotiate with the hacker in front of a large international public audience - courting public opinion and attempting to manage public perception about their competence and standing.”
Hence, we have a complex social and information environment with two adversaries - the company and the hacker - presenting contesting narratives seeking to influence stakeholders.
About the author
Lisa Hanley is an In - house Journalist working for The BCI. With a Masters degree in Televison Journalism from City, University of London, Lisa has previously worked as a Freelance Producer and Journalist for London Live, PA Media and Thomson Reuters Foundation. Her experience varies from producing documentaries, films and podcasts, to producing news packages for television and voiceovers for radio.