In a bizarre turn of events, a hacker that compromised decentralized finance protocol Poly Network has begun to return over $600 million in stolen cryptocurrency. Thus far, the hackers have returned $342 million in Ethereum, BSC, and Polygon.
On August 10, a hacker compromised a vulnerability in Poly Network that enabled them to transfer $610 million in Ethereum, Binance Smart Chain, and Polygon. It was the largest hack in the history of crypto.
Soon after the attack, Poly Network took to Twitter addressing the hacker directly in a letter that began “Dear Hacker.” The letter urged the hacker to contact Poly Network representatives to “work out a solution.” It warned that the scale of the hack would be sure to attract the attention of various law enforcement agencies from around the world. According to the letter, the hack affected tens of thousands of Poly Network users.
Although the Tweet was largely ridiculed, it appeared to have some impact with accounts associated with the hacker returning approximately $4 million shortly after.
In a brazen move, the hacker then decided to speak publicly conducting a questions and answers session through messages embedded in ETH transactions. During this session, the hacker stated that after they identified a bug in Poly Network’s security, they decided to steal the crypto to “keep the funds safe,” adding, “I prefer to stay in the dark and save the world.”
The walls are closing in
As the hacker enjoyed their 15 minutes of fame, blockchain security experts from around the world began to piece together their identity with the use of on-chain and off-chain tracking.
On August 11, cybersecurity company SlowMist revealed that they had identified the hacker’s email, IP address, and device fingerprints. The company also discovered that the hack had likely been “a long-planned, organized and prepared attack.”
With the walls closing in, the hacker now appears to have all but given up. According to a Poly Network Tweet, as of August 12 at 08:18 UTC, a total of $342 million has been returned. This includes $4.9 million in Ethereum, $252 million in BSC, and $85 million in Polygon. There is still $268M on Ethereum outstanding.