About $33m in frozen coins yet to be returned as still-unidentified hacker claims attack was carried out ‘for fun’ to ‘expose the vulnerability’ of platform.
Hackers behind one of the biggest-ever digital coin heists have now returned nearly all of the $610m-plus they stole, the cryptocurrency platform targeted this week by the attack says.
The Poly Network platform, which was little known before Tuesday’s heist, on Thursday declared the hacker on Twitter to be a “white hat”, referring to ethical hackers who generally aim to expose cyber vulnerabilities, upon the return of the funds.
Poly Network, which facilitates peer-to-peer token transactions, added that the tokens were transferred to a multi-signature wallet controlled by both the platform and the hacker.
The only remaining tokens yet to be returned are the $33m in tether stablecoins frozen earlier in the week by cryptocurrency firm Tether, Poly Network said.
“The repayment process has not yet been completed,” Poly Network said on Twitter. “To ensure the safe recovery of user asset, we hope to maintain communication with Mr. White Hat and convey accurate information to the public.”
A person claiming to have perpetrated the hack said Poly Network offered him a $500,000 bounty to return the stolen assets and promised that he would not be accountable for the incident, according to digital messages shared on Twitter by Tom Robinson, the chief scientist and co-founder of Elliptic, a crypto tracking firm.
Poly Network, which allows users to transfer or swap tokens across different blockchains, said on Tuesday it had been hit by the cyberheist and urged the culprits to return the stolen funds.
The still as-yet-unidentified hacker or hackers appear to have exploited a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains, according to blockchain forensics company Chainalysis.
On Wednesday, the hackers started returning the stolen coins, leading some Blockchain analysts to speculate that they might have found it too difficult to launder stolen cryptocurrency on such a scale.
Later on Wednesday, the hackers said in digital messages also shared by Elliptic that they had perpetrated the attack “for fun” and wanted to “expose the vulnerability” before others could exploit it and that it was “always” the plan to return the tokens.
At $600m, however, the Poly Network theft far outstripped the record $474m in criminal losses that were registered by the entire decentralised finance (DeFi) sector from January to July, according to crypto intelligence company CipherTrace.
The theft illustrates the risks of the mostly unregulated DeFi sector, crypto experts say. DeFi platforms allow users to conduct transactions, usually in cryptocurrency, without traditional gatekeepers such as banks or exchanges.
Source The Guardian