UPDATED 8/12, 10:25 a.m. ET: Poly Network’s plea worked, at least to a degree. As of early Thursday, the hacker had returned $342 million of the stolen currency, leaving $268 million still missing. Poly stated on Wednesday that $260 million had been returned.
“A person claiming to have perpetrated the hack said they did it ‘for fun’ and wanted to ‘expose the vulnerability’ before others could exploit it, according to digital messages shared by Elliptic, crypto tracking firm, and Chainalysis,” Reuters reported. “It was ‘always the plan’ to return the tokens, the purported hacker wrote, adding: ‘I am not very interested in money.’”
In a tweeted update, the team—referring to the hacker as “Mr. White Hat”—said, “We look forward to Mr. White Hat returning all of the remaining user assets as stated by him, and we will continue to work hard to achieve this goal.”
See original story below.
The blockchain site Poly Network said hackers found a way into its system and then stole thousands of digital tokens with an estimated value of more than $600 million, making it perhaps the biggest cryptocurrency heist ever.
Poly Network is a Defi (meaning decentralized finance) provider that lets users move tokens on one blockchain to another network.
The company posted a letter to Twitter asking the thief to “establish communication” while simultaneously urging them to give back the stolen assets voluntarily. The letter claimed that the two sides should work out a solution, while also implying law enforcement would pursue the suspect regardless of wherever they’re living:
Poly Network says a preliminary investigation discovered that whoever’s responsible for the digital heist exploited a “vulnerability between contract calls.” According to BBC News, the Network also called upon various exchanges to disallow deposits of the coins after millions of bucks worth of the tokens were moved to different cryptocurrency wallets.
It was reported that shortly after the hack took place the crypto company Tether froze about $33 million in USDT tokens connected to the wallet address of the alleged hacker. That’s according to Tether’s chief technology officer:
Forbes reports that the Blockchain-based security firm SlowMist also put out a statement shortly after the breach that claimed to have the hacker’s email and IP address, and was trying to figure out additional clues that would point to the person’s identity.
The stolen currency broke down to about $267 million worth of Ether, $252 million worth of Binance coins, and about $85 million of USDC coins.
Binance’s chief executive, Changpeng Zhao, said that that company’s been informed of the hack. He added that Binance intends to do “as much as we can” but preceded that vow with a less assuring statement that said “[t]here are no guarantees.”