Hacker Returns Nearly All $600M Stolen In Crypto Heist
Nearly all of the $600 million stolen in a huge crypto heist has been returned
According to the platform targeted in the hack, hackers have now returned nearly all of the $600 million stolen in one of the largest cryptocurrency heists in history.
Poly Network announced Thursday that all funds, with the exception of $33 million in tether digital currency, have been returned.
The creators of tether, a so-called stablecoin pegged to the US dollar, used a built-in failsafe to immediately freeze the stolen funds.
In an unusual twist Wednesday, an anonymous individual claiming to be the hacker stated that they were "prepared to return" the funds. The identity of the hacker, or hackers, is unknown.
Poly Network requested that the funds be transferred to three different digital currency wallets. And, indeed, by Thursday, the hacker had returned over $342 million of the funds to those wallets.
However, there is a catch. While nearly all of the haul has been returned to Poly Network, the remaining $268 million in assets are locked in an account that requires passwords from both Poly Network and the hacker to access.
“It's likely that keys held by both Poly Network and the hacker would be required to move the funds — implying that the hacker could still render the funds inaccessible if they so desired,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, wrote in a blog post Friday.
The suspected hacker stated in a message embedded in a digital currency transaction that they would "provide the final key when _everyone_ is ready."
Record ‘DeFi’ hack
Poly Network is an example of what is referred to as a "decentralized finance" system. DeFi projects seek to replicate traditional financial services such as lending and trading through the use of blockchain technology — the technology that underpins the majority of cryptocurrencies.
In the case of Poly Network, the DeFi system enables users to transfer tokens between blockchains.
A hacker exploited a flaw in Poly Network's code that allowed them to send tokens to their own cryptocurrency wallets. According to researchers at security firm SlowMist, the platform suffered a loss of more than $610 million as a result of the attack.
It was dubbed "the largest in defi history" by Poly Network.
The self-proclaimed hacker claims they committed the theft "for fun" and that returning the funds was "always the plan."
CNBC was unable to independently verify the messages' authenticity.
In a subsequent message, the hacker claimed that Poly Network offered them a $500,000 bounty for returning all of the money, but they declined. The hacker shared what appears to be a statement from Poly Network in which the company promises that the hacker will "not be held accountable for this incident," effectively granting them immunity.
CNBC reached out to Poly Network for comment but did not receive a response by publication time.
“While offering immunity may have sounded like a prudent move by Poly Network to dangle a carrot, it is unlikely that the authorities would agree or even allow this decision,” said Jake Moore, a cybersecurity specialist at ESET.
“This attack was almost certainly closely monitored by cybercriminals and law enforcement alike, potentially opening the door to copycat attacks.”
Identifying the hacker
Robinson stated that the hacker "might well still be pursued by the authorities."
“Their activities have left numerous digital breadcrumbs for law enforcement to follow on the blockchain.”
Cryptocurrencies are frequently used by cybercriminals, particularly in ransomware attacks that encrypt systems or steal data from organizations and demand a ransom payment to regain access.
This is because the individuals who send and receive digital currencies do not reveal their identities. However, by analyzing the blockchain, which contains a public record of all historical crypto transactions, it has become possible to trace the funds' location.