Hackers behind one of the biggest ever digital coin heists have now returned nearly all of the $610 million (roughly Rs. 4,530 crores)-plus they stole, Poly Network, the cryptocurrency platform targeted earlier this week by the attack, said on Thursday.
The platform, which was little known before Tuesday’s heist, declared the hacker on Twitter as a “white hat,” referring to ethical hackers who generally aim to expose cyber vulnerabilities, upon the return of the funds.
$342 million (As of 12 Aug 08:18:29 AM +UTC) of assets had been returned:
The remaining is $268M on Ethereum
— Poly Network (@PolyNetwork2) August 12, 2021
The only remaining tokens yet to be returned are the $33 million(roughly Rs. 245 crores) in tether stablecoins frozen earlier in the week by cryptocurrency firm Tether, Poly Network said.
“The repayment process has not yet been completed. To ensure the safe recovery of user asset, we hope to maintain communication with Mr. White Hat and convey accurate information to the public,” said Poly Network on Twitter.
A person claiming to have perpetrated the hack said Poly Network offered him a $500,000 (roughly Rs. 3.7 crores) bounty to return the stolen assets and promised that he would not be accountable for the incident, according to digital messages shared on Twitter by Tom Robinson, chief scientist and co-founder of Elliptic, a crypto tracking firm.
Poly Network, which allows users to transfer or swap tokens across different blockchains, said on Tuesday it had been hit by the cyberheist, urging the culprits to return the stolen funds.
The still as yet unidentified hacker or hackers appear to have exploited a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains, according to blockchain forensics company Chainalysis.
On Wednesday, the hackers started returning the stolen coins, leading some Blockchain analysts to speculate that they might have found it too difficult to launder stolen cryptocurrency on such a scale.
Later on Wednesday, the hackers said in digital messages also shared by Elliptic that they had perpetrated the attack “for fun” and wanted to “expose the vulnerability” before others could exploit it and that it was “always” the plan to return the tokens.
At $600 million (roughly Rs. 4.460 crores), however, the Poly Network theft far outstripped the record $474 million (roughly Rs. 3,520 crores) in criminal losses that were registered by the entire decentralised finance (DeFi) sector from January to July, according to crypto intelligence company CipherTrace.
The theft illustrates the risks of the mostly unregulated DeFi sector, said crypto experts. DeFi platforms allow users to conduct transactions, usually in cryptocurrency, without traditional gatekeepers such as banks or exchanges.
© Thomson Reuters 2021