By Arghyadeep Dutta, 12:30 pm ET:
Hackers have started returning some of the $600 million they stole from Poly Network in what is said to be one of the largest cryptocurrency thefts ever.
Poly Network is a decentralized finance (DeFi) platform, a protocol launched by the developer of the Chinese blockchain project Neo, which operates on the Binance Smart Chain, Ethereum, and Polygon blockchains. The cybercriminals exploited a vulnerability in the network, which aims to connect different blockchains so they can work together.
On Tuesday, the cyberattack struck each blockchain consecutively, after which the Poly team announced the hack on Twitter, tweeted the details of the digital wallets to which the money was transferred, and asked crypto miners to blacklist tokens from those addresses.
Poly Network also urged the hackers to “return the hacked assets.”
A blockchain is a ledger of activities upon which various cryptocurrencies are based, with each digital coin having its own chain, making every coin different from the others.
DeFi is a broad term for decentralized financial applications that use blockchain technology to cut out intermediaries such as banks and exchanges, with the aim of making lending or borrowing more efficient and cheaper.
“The amount of money you hacked is the biggest in defi history,” Poly Network said in a tweet.
From the Ethereum chain, $273 million worth of Ether (ETH) was stolen, while $253 million worth of Binance coin (BNB) was siphoned off from the Binance Smart Chain and $85 million worth of PolyMatic coin (MATIC) from Polygon, totaling $611 million.
However, on Wednesday, the addresses associated with the hacker began returning some of the funds they stole.
The Polygon address associated with the hack returned $100 worth of USDC to a wallet set up by the Poly team before sending $10,000 and $1 million consecutively, Polygonscan shows.
The hacker also returned $47.77 million in BTCB on Binance Smart Chain, BscScan shows.
On Ethereum, it returned $622,000 in Fei USD and a little over $2 million in Shiba Inu five minutes later.
“I think this demonstrates that even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, told CNBC.
“In this case, the hacker concluded that the safest option was just to return the stolen assets.”
Researchers at security company SlowMist said they had “grasped the attacker’s mailbox, IP, and device fingerprints” and were “tracking possible identity clues related to the Poly Network attacker,” and concluded that the theft was “likely to be a long-planned, organized and prepared attack.”
O3 Labs, a Tokyo-based blockchain developer associated with Poly Network’s affiliate Neo, tweeted, “This hacker might yet be of the white hat variety.” Returning the funds indicates the hacker wasn’t after personal gain, as black-hat hackers are, but wanted to expose vulnerabilities to make the project more robust.
From the start of the year until July, DeFi-related hacks totaled $361 million, a nearly threefold increase from all of 2020, data from cryptocurrency compliance company CipherTrace shows, indicating that DeFi has become a key target for cybercriminals.