More than $600 million stolen in Poly Network hack in biggest heist ever… only to be later returned by the hacker.
The victim of the attack is a protocol that was formed by an alliance between teams behind Neo, Ontology, and Switcheo. The Poly Network protocol is used for swapping tokens across blockchains like Bitcoin, Ethereum, and Ontology.
The blockchain site Poly Network stated that hackers found a way into its system and then stole thousands of digital tokens with an estimated value of more than $600 million, making it perhaps the biggest cryptocurrency hack ever.
Poly Network’s official Twitter account tweeted about the massive hack. “We are sorry to announce that Poly Network was attacked,” the Twitter account said, and explained that the hacker was able to access funds on various chains.
Poly Network hack: company attempts to establish communication with attacker
After the Poly Network hack, the company posted a letter to Twitter asking the thief to “establish communication” while simultaneously urging them to give back the stolen assets voluntarily. The letter claimed that the two sides should work out a solution, while also implying law enforcement would pursue the suspect regardless of where they are living.
Poly Network put out a plea for the stolen Ethereum, BinanceChain and OxPolygon tokens to be shunned by traders running “wallets” for storing cryptocurrency. “The amount of money you hacked is the biggest one in the defi history,” Poly Network said in a tweeted message to the thieves, using a reference to decentralized finance involving cryptocurrency.
“The money you stole are from tens of thousands of crypto community members.” Poly Network threatened police involvement, but also offered the hackers the chance to “work out a solution.” The US Department of Justice and FBI did not immediately respond to requests for comment.
“We are sorry to announce that #PolyNetwork was attacked” and assets transferred to hacker-controlled accounts, the company said in a series of tweets.
The attackers stole $273 million in Ethereum tokens, tokens worth $253 million on Binance Smart Chain, and $85 million in tokens on USD Coin. The Poly Network team has urged exchanges and miners to block stolen funds. The cross-chain protocol called on Binance, Coinbase Pro, Huobi Global, OKEx, Tether and Circle to take immediate action. The hacker attempted to launder the stolen funds by depositing them on Curve.fi, an exchange liquidity pool. The first few attempts were rejected by the mining pool.
Soon after the hack, Tether, the company behind the world’s third-largest cryptocurrency by market capitalization, froze roughly $33 million in USDT tokens associated with the alleged hacker’s wallet address. Blockchain-based security firm SlowMist also issued a statement hours after the attack, stating it had identified the attacker’s email, IP address and device fingerprints, and was working on tracking additional identity clues.
Poly Network posted online addresses used by the hackers, and called on “miners of affected blockchain and crypto exchanges to blacklist tokens” coming from them.
Poly Network did not respond to an AFP request for comment, but Twitter users weighed in with calculations valuing the hackers’ haul at some $600 million, stating it to be the biggest cryptocurrency heist ever.
Hacker returns stolen crypto
The hacker initially responded to Poly Network’s attempt at recovering the stolen funds through a transaction from one of the attacker’s wallets that included a message:
IT WOULD HAVE BEEN A BILLION HACK IF I HAD MOVED REMAINING SHITCOINS! DID I JUST SAVE THE PROJECT? NOT SO INTERESTED IN MONEY, NOW CONSIDERING RETURNING SOME TOKENS OR JUST LEAVING THEM HERE.
- Anonymous Hacker
And then, in an incredible twist to the story, the company announced it had been reunited with at least half of the stolen funds early on Thursday morning, with the hacker then holding a Q&A with Elliptic’s co-founder Tom Robinson. In the session, the hacker said that they “hack for fun” and are “not interested in money”. Alluding to the fact that the Poly Network hack was a ‘white hat’ attack, the attacker said they chose to steal the assets in order to bring awareness of a bug in the network’s codebase.
“I understood the risk of exposing myself even if I don’t do evil…. [I] prefer to stay in the dark and save the world.”
- Anonymous Hacker
The hack that Poly Network suffered is the largest DeFi hack, since it accounts for over 58.2% of the market cap of all decentralized finance tokens.
As of the end of April, cryptocurrency thefts, hacks and fraud so far this year totalled $432 million, according to an analysis by CipherTrace. While this number may appear to be small when compared to previous years, a deeper look reveals an alarming new trend.
As this unusual story continues to unfold, the question now turns to whether the Poly Network hacker will still be pursued by the authorities, and what consequences they would face if they were caught.
“Despite the return of the funds, the hacker might well still find themselves being pursued by the authorities. Their activities have left numerous digital breadcrumbs on the blockchain for law enforcement to follow, aided by blockchain analytics tools.”
- Elliptic, blockchain compliance company