Hackers have returned nearly half of the $600 million they stole in what’s likely to be one of the biggest cryptocurrency thefts ever. The cybercriminals exploited a vulnerability in Poly Network, a platform that looks to connect different blockchains so that they can work together.
Poly Network disclosed the attack Tuesday and asked to establish communication with the hackers, urging them to “return the hacked assets.” A blockchain is a ledger of activities upon which various cryptocurrencies are based. Each digital coin has its own blockchain and they’re different from each other. Poly Network claims to be able to make these various blockchains work with each other.
Poly Network is a decentralized finance platform. DeFi is a broad term encompassing financial applications based on blockchain technology that looks to cut out intermediaries — such as brokerages and exchanges. Hence, it’s dubbed decentralized. They sent a message to Poly Network embedded in a cryptocurrency transaction saying they were “ready to return” the funds. The DeFi platform responded requesting the money be sent to three crypto addresses.
As of 7 a.m. London time, more than $4.8 million had been returned to the Poly Network addresses. By 11 a.m. ET, about $258 million had been sent back. “I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said via email. “In this case the hacker concluded that the safest option was just to return the stolen assets.”
Once the hackers stole the money, they began to send it to various other cryptocurrency addresses. Researchers at security company SlowMist said a total of more than $610 million worth of cryptocurrency was transferred to three addresses.
SlowMist said in a tweet that its researchers had “grasped the attacker’s mailbox, IP, and device fingerprints” and are “tracking possible identity clues related to the Poly Network attacker.” The researchers concluded that the theft was “likely to be a long-planned, organized and prepared attack.” Poly Network urged cryptocurrency exchanges to “blacklist tokens” coming from the addresses that were linked to the hackers.