On Tuesday, the Poly Network suffered a $612-million hack that did the hacker steal assets from Ethereum, Binance Chain, and the Polygon Network. It’s the biggest heist in DeFi history. However, the suspected hacker already returned over half of the stolen funds, saying he did it “for fun.”
On Aug. 10, a hacker exploited a flaw in Poly Network’s code to steal the funds. According to researchers at blockchain security firm SlowMist, Poly Network lost more than $610 million in the attack.
Poly Network is a platform that looks to connect different blockchains so they can work together. A blockchain is a digital ledger of transactions that is maintained by a distributed network of computers rather than a central authority.
Poly Network disclosed the attack Tuesday and asked to establish communication with the hackers, urging them to “return the hacked assets.” Surprisingly, nearly half of the crypto haul has been returned by Wednesday.
They sent a message to Poly Network embedded in a cryptocurrency transaction saying they were “ready to return” the funds. The DeFi platform responded requesting the money be sent to three crypto addresses.
According to Poly Network, $342 million worth of assets has been returned by Thursday morning.
“I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” said Tom Robinson, chief scientist of blockchain analytics firm Elliptic. “In this case, the hacker concluded that the safest option was just to return the stolen assets.”
Once the hackers stole the money, they began to send it to various other cryptocurrency addresses. Researchers at security company SlowMist said a total of more than $610 million worth of cryptocurrency was transferred to three addresses.
SlowMist said in a tweet that its researchers had “grasped the attacker’s mailbox, IP, and device fingerprints” and are “tracking possible identity clues related to the Poly Network attacker.”
Poly Network urged cryptocurrency exchanges to “blacklist tokens” coming from the addresses that were linked to the hackers. About $33 million of Tether that was part of the theft has been frozen, according to the stablecoin’s issuer.
Changpeng Zhao, CEO of major cryptocurrency exchange Binance, said he was aware of the attack. He said Binance is “coordinating with all our security partners to proactively help,” but that “there are no guarantees.”
However, the attacker stated their willingness to return the stolen funds on multiple occasions, which has led to suggestions that it may have been a white hat hack to teach Poly an expensive lesson about its security flaws.
The hacker has conducted an Ask Me Anything (AMA) using embedded messages in Ethereum transactions, and while they appear to be a non-native English speaker, what’s lost in translation is their grand plan.
When asked why they were hacking and why the Poly protocol, in particular, the hacker states “for fun” and because “cross-chain hacking is hot.”
Despite such answers, they then proceed to claim the hack was conducted for noble causes and that they have since been transferring tokens between addresses only to keep them safe:
“When spotting the bug, I had a mixed feeling. Ask yourself what to do had you facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion. I can trust nobody! The only solution I can come up with is saving it in a trusted account.”
“Now everyone smells a sense of conspiracy. Insider? Not me, but who knows? I take the responsibility to expose the vulnerability before any insiders hiding and exploiting it!” they added.
In recent times, DeFi has become a key target for attacks. From the start of the year until July, DeFi-related hacks totaled $361 million — an increase of nearly three times from all of 2020, according to cryptocurrency compliance company CipherTrace.
DeFi-related fraud is also on the rise. In the first seven months of the year, it accounted for 54% of all crypto fraud volume versus 3% for all of last year.