Hackers have returned nearly half of the $600 million they stole in what’s likely to be one of the biggest cryptocurrency thefts ever.
The cybercriminals exploited a vulnerability in Poly Network, a platform that looks to connect different blockchains so that they can work together.
Poly Network disclosed the attack Tuesday and asked to establish communication with the hackers, urging them to “return the hacked assets.”
A blockchain is a ledger of activities upon which various cryptocurrencies are based. Each digital coin has its own blockchain and they’re different from each other. Poly Network claims to be able to make these various blockchains work with each other.
Poly Network is a decentralized finance platform. DeFi is a broad term encompassing financial applications based on blockchain technology that looks to cut out intermediaries — such as brokerages and exchanges. Hence, it’s dubbed decentralized.
Proponents say this can make financial applications such as lending or borrowing more efficient and cheaper.
“The amount of money you hacked is the biggest in defi history,” Poly Network said in a tweet.
In a strange turn of events Wednesday, the hackers began returning some of the funds they stole.
They sent a message to Poly Network embedded in a cryptocurrency transaction saying they were “ready to return” the funds. The DeFi platform responded requesting the money be sent to three crypto addresses.
As of 7 a.m. London time, more than $4.8 million had been returned to the Poly Network addresses. By 11 a.m. ET, about $258 million had been sent back.
“I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said via email.
“In this case the hacker concluded that the safest option was just to return the stolen assets.”
Once the hackers stole the money, they began to send it to various other cryptocurrency addresses. Researchers at security company SlowMist said a total of more than $610 million worth of cryptocurrency was transferred to three addresses.
SlowMist said in a tweet that its researchers had “grasped the attacker’s mailbox, IP, and device fingerprints” and are “tracking possible identity clues related to the Poly Network attacker.”
The researchers concluded that the theft was “likely to be a long-planned, organized and prepared attack.”
Poly Network urged cryptocurrency exchanges to “blacklist tokens” coming from the addresses that were linked to the hackers.
About $33 million of Tether that was part of the theft has been frozen, according to the stablecoin’s issuer.
Changpeng Zhao, CEO of major cryptocurrency exchange Binance, said he was aware of the attack.
He said Binance is “coordinating with all our security partners to proactively help,” but that “there are no guarantees.”
“We will take legal actions and we urge the hackers to return the assets,” Poly Network said on Twitter.
DeFi has become a key target for attacks.
Since the start of the year until July, DeFi-related hacks totaled $361 million — an increase of nearly three times from all of 2020, according to cryptocurrency compliance company CipherTrace.
DeFi-related fraud is also on the rise. In the first seven months of the year, it accounted for 54% of total crypto fraud volume versus 3% for all of last year.