Hacker returns more than $260 million in cryptocurrency after Poly attack

The headline-grabbing haul saw a cybercriminal steal more than $600 million in cryptocurrency.
Written by Jonathan Greig, Contributor

The hacker behind the largest decentralized finance platform hack in history returned much of what they stole on Wednesday, sending back approximately $260 million of the more than $600 million in cryptocurrency that was taken. 

In a statement, Poly Network -- a "DeFi" platform that works across blockchains -- said the unknown culprit behind the attack has so far returned $256 million in BSC, $1 million from Polygon and $3.3 million in Ethereum. 

Poly Network noted that there is still $269 million in Ethereum as well as $84 million in Polygon that needs to be returned. The company attributed the attack to an exploited vulnerability concerning contract calls. The exploit "was not caused by the single keeper as rumored," Poly Network added.

Researchers online tied the attack to a Poly Network privileged contract called the "EthCrossChainManager."

In addition to returning the money, the hacker included a three-part Q&A where they explained some of their reasoning. In a post shared by Elliptic co-founder Tom Robinson, the attacker said they found a bug in Poly Network's system and contemplated what to do from there, eventually deciding to steal the money available and transfer it to another account. 

They tried to paint their actions as altruistic and said they were trying to expose the vulnerability before it was exploited by "an insider." They claim to be completely protected because they used anonymous email addresses and IPs.

"The Poly Network is a decent system. It's one of the most challenging attacks that a hacker can enjoy. I had to be quick to beat any insiders or hackers," the attacker said. 

"I didn't want to cause real panic in the crypto world. So I chose to ignore shit coins so people didn't have to worry about them going to zero. I took important tokens (except for Shib) and didn't sell any of them."

They eventually began to sell or swap stablecoins because they were unhappy with how Poly Network responded to the attack. 

"They urged others to blame and hate me before I had a chance to reply!" the attacker explained, adding that they turned to the stablecoins because they wanted to earn interest on the stolen money while they negotiated with Poly Network. 

"I am not very interested in money! I know it hurts when people are attacked, but shouldn't they learn something from those hacks?" they said. 

The culprit noted that they were moving slowly in returning the money because they needed rest, needed more time to negotiate with Poly Network and needed to "prove" their dignity while hiding their identity. 

The statement goes on to say that the attacker wants to help Poly Network with its security because of its importance to the cryptocurrency industry. 

"The Poly Network is a well-designed system, and it will handle more assets. They have got a lot of new followers on Twitter, right?" the statement said. "The pain they have suffered is temporary but memorable."

The audacious attack sent shockwaves through the blockchain and cryptocurrency communities as Poly Network sought to respond. The company works across blockchains for Bitcoin, Ethereum, Neo, Ontology, Elrond, Zilliqa, Binance Smart Chain, Switcheo, and Huobi ECO Chain.

Since Poly Network released a statement threatening the culprit on Tuesday, the hacker has been slowly returning the money. The company begged the hacker to return the money.

"The amount of money you hacked is the biggest one in defi history. Law enforcement in any country will regard this as a major economic crime, and you will be pursued," the Poly Network team said. 

"It is very unwise for you to do any further transactions. The money stolen is from tens of thousands of crypto community members, hence the people. You should talk to us to work out a solution. We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses."

The company appealed to miners on the affected blockchains and to crypto exchanges like Binance, Tether, Uniswap, HuobiGlobal, OKEx, Circle Pay and BitGo to blacklist any tokens coming from these addresses.

Tether CTO Paolo Ardoino said the platform froze about $33 million in connection to the hack. 

Hank Schless, senior manager at Lookout, told ZDNet that DeFi has "become a primary target for cybercriminals". A recent report from CipherTrace found that attacks on DeFi caused an all-time high number of losses for the first half of 2021. 

Thanks to cybercriminals, the DeFi community saw a record loss of $474 million between January and July this year. 

The attack on Poly Network is bigger than other headlining cryptocurrency attacks like the $550 million hack of Coincheck in 2018 and the $400 million Mt. Gox hack in 2014.
