The hacker claims the $611 million theft was intended to expose a weakness in Poly Network's system
A hacker who stole more than $600 million in one of the largest ever cryptocurrency heists has returned over half of what they took.
Poly Network, a decentralised finance (DeFi) platform, said the hacker had sent back $256 million on Binance Smart Chain, $3.3 million in Ethereum and $1 million in Polygon as of 11th August.
The company added that there was still $269 million in Ethereum and $84 million in Polygon missing.
$260 million (As of 11 Aug 04:18:39 PM +UTC) of assets had been returned:
— Poly Network (@PolyNetwork2) August 11, 2021
Ethereum: $3.3M
BSC: $256M
Polygon: $1M
The remainings are $269M on Ethereum, $84M on Polygon
Tom Robinson, co-founder of blockchain analytics firm Elliptic, shared a post where the attacker said they had discovered a flaw in Poly Network's system, and decided to transfer the money to another account.
The aim of the attack was to expose the security vulnerability before it was exploited by "an insider," the hacker said.
They also claimed to have used anonymous IPs and email addresses to remain completely protected.
"The Poly Network is a decent system. It's one of the most challenging attacks that a hacker can enjoy. I had to be quick to beat any insiders or hackers," the person said.
"I didn't want to cause real panic of the crypto world. So I chose to ignore shit coins, so people didn't have to worry about them going to zero."
The $600 million Poly Network hacker has published part one of a "Q&A":#polynetworkhack pic.twitter.com/3y1JQnHe50
— Tom Robinson (@tomrobin) August 11, 2021
The attacker broke into Poly Network on Tuesday, stealing about $611 million worth of crypto currencies.
Poly Network swaps tokens across different blockchains, including Bitcoin, Ethereum, Ontology, Elrond, Neo, Ziliqa, Switcheo, Binance Smart Chain and Huobi ECO Chain.
After identifying the attack, Poly urged crypto exchanges to block the funds that were taken.
'We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses,' it said on Twitter, providing three addresses where the assets were transferred.
The company also urged the hacker to return all stolen assets.
Important Notice:
— Poly Network (@PolyNetwork2) August 10, 2021
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker's following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
According to reports, Slowmist Technology and other security researchers were able to find identifying information about the hacker, including an IP address, email, and the Chinese cryptocurrency exchange that was used in the heist.
On Wednesday, the hacker sent a message to Poly Network stating that they were "ready to return" the funds.
The DeFi platform provided three crypto addresses to the hacker to transfer the assets.
The DeFi sector has already registered losses of $474 million in the first eight months of the year, according to Reuters.
"Just eight months into 2021 and DeFi hacks, thefts and frauds have already surpassed the total DeFi crimes from 2020," Dave Jevans, CipherTrace's chief executive officer, told Reuters.
While the Poly Network hack might shake the confidence of people who rely on crypto exchanges, Elliptic's Robinson told CNBC that it usually difficult for hackers to launder or cash out cryptocurrency, "due to the transparency of the blockchain and the use of blockchain analytics." Poly Network's ability to see and blacklist addresses is a perfect example.
Such incidents therefore might discourage attacks.
"In this case the hacker concluded that the safest option was just to return the stolen assets," Robinson added.