Poly Network hacker has now returned almost all the $600m in crypto taken

A hacker who took over half a billion dollars has returned most of it.
Written by Liam Tung, Contributing Writer

The cryptocurrency company behind a decentralized finance (DeFi) platform that lost over $600 million to a hacker has received most of the assets back. 

In a strange turn of events, the hackers who stole the digital assets on Tuesday returned the bulk of it to the DeFi platform Poly Network, which provides interoperability services across blockchains including Bitcoin, Ethereum and Binance Smart Chain. 

On Thursday, Poly Network said in a tweet that "all the remaining user assets on Etherum (except for the frozen USDT) had been transferred" to the Poly Network and to an account controlled by someone apparently called "Mr. White Hat" — a reference to cybersecurity professionals who help defend systems (versus "Black Hats" who hack systems for fun and profit). 

SEE: This new phishing attack is 'sneakier than usual', Microsoft warns

DeFi's like Poly let people exchange tokens across blockchains. Poly Network uses smart contracts to work across Bitcoin, Ethereum, Neo, Ontology, Elrond, Ziliqa, Binance Smart Chain, Switcheo, and Huobi ECO Chain.

As explained by Reuters, Poly Network works by smart contracts that instruct different blockchains to release the assets to the counterparties. One of Poly Network's smart contracts was used for liquidity to facilitate swapping tokens between blockchains. 

Poly Network said the hacker "exploited a vulnerability between contract calls".   

The hackers have now returned the majority of what they took in what the company described as one of the 'biggest' hacks in de-fi history.

The funds have been gradually returning since. Poly Network yesterday said the unknown attacker has so far returned $256 million in BSC, $1 million from Polygon, and $3.3 million in Ethereum. The attacker has not returned the $33 million that Tether froze.  

According to the BBC, Poly Network offered the attacker $500,000 to return for the $600 million in crypto-assets. 

SEE: Malware developers turn to 'exotic' programming languages to thwart researchers

The DeFi hack happened as the US weighs in on the issue of regulating cryptocurrency players that operate in a $2 trillion market that largely stands outside of existing anti-money laundering laws and the tax system.

As The New York Times columnist, Ezra Klein argues, crypto brings scarcity to digital goods -- like online art -- and that creates value. Government and regulators, however, haven't figured out whether there's a public appetite for regulating this area of finance and technology, nor where to apply pressure on different actors, from those developing the technology to those who control the exchange of assets. 

Editorial standards