A day after the massive $600 mn DeFi hack at Poly Network, the hacker has decided to return cryptocurrency worth $260mn. Poly Network, the company at the center of the hack announced that the hacker has returned one-third of the stolen cryptocurrency.
On Tuesday, the startup that allows users to transfer tokens between multiple blockchains disclosed about the breach and demanded that the stolen cash be returned, threatening legal action if they did not.
A day after the hack, Poly Network announced that the hacker has returned $260 million worth of stolen cryptocurrency, but $353 million remains outstanding.
How did they breach Poly Network?
According to Chainalysis, a blockchain forensics firm, the hackers took advantage of a vulnerability in the digital contracts Poly Network employs to shift assets across blockchains.
According to digital messages shared by Elliptic, a crypto monitoring firm, and Chainalysis, a person claiming responsibility for the breach disclosed they did it “for fun” and wanted to “highlight the weakness” before others could exploit it. The suspected hacker added that returning the tokens was “always the plan,” adding, “I am not extremely interested in money.”
Tom Robinson, co-founder of Elliptic told Reuters that the hassles of laundering stolen crypto on such a large scale may have influenced the decision to return the money. He said the following in regard to laundering crypto-assets:
“Even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions.”
Update: 13/08/2021: The hacker returns most of the crypto.
Poly Network announced that the hackers returned nearly all of the $610 million-plus they stole. On Twitter, the platform declared the hackers as ‘white hat’ referring to ethical hackers who generally aim to expose cyber vulnerabilities. The hackers transferred the stolen tokens to a multi-signature wallet controlled by both the platform and the hacker.
As per Poly Network, the only remaining tokens yet to be returned are the $33 million in tether stablecoins frozen earlier in the week by cryptocurrency firm Tether. The digital messages shared by Tom Robinson states Poly Network offered the hacker a $500,000 bounty to return the stolen assets and promised that he would not be accountable for the incident.
Poly Network disclosed the following regarding the repayment process:
The repayment process has not yet been completed. To ensure the safe recovery of user asset, we hope to maintain communication with Mr. White Hat and convey accurate information to the public.