On August 10, hackers managed to steal $610 million in cryptocurrency in a bold digital heist by exploiting a vulnerability in Poly Network, a platform used to allow transactions between different blockchains. In a bizarre turn of events, the hackers have now returned more than half of their score after details of the bogus transactions were released to the public.
Poly Network works as a ‘DeFi’ or a decentralized finance platform that cuts out the middleman (brokerages, mostly), providing peer-to-peer financial transactions on various public blockchains. This means that a Bitcoin user can make transactions with an Ethereum user, which on other platforms isn’t possible since the currencies operate on separate blockchains.
In what Poly Network is calling “the biggest DeFi heist ever,” hackers found a way to manipulate transactions in a way that let them divert millions of dollars of over a dozen different cryptocurrencies to three separate digital wallet addresses.
Once the theft occurred, Poly Network took to Twitter, asking for the return of the stolen assets from the hackers. The company then took the dramatic step of posting the addresses of the thief’s digital wallets online and asking miners and crypto exchanges to blacklist any tokens coming from those addresses.
With this information made public, the company was able to flag the illegal transactions, essentially revealing a digital footprint for each stolen dollar. The hackers found themselves sitting on $600 million they can’t use because everyone knows it’s stolen. It’s like dye packs hidden in stacks of money exploded after a big bang heist, rendering all of it bright pink and unusable.
Surprisingly, Poly Network took to Twitter this morning to explain that it is now working with the alleged hacker, called Mr. White Hat, who has been returning portions of the stolen funds throughout the day.
“I think this demonstrates that even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” said Tom Robinson, chief scientist of blockchain analytics firm Elliptic, when consulted by CNBC.
According to Poly Network’s Twitter account, as of August 12, $342 million (over half of the stolen amount) has been returned by the hackers, with an outstanding $268 million worth of Etherum remaining. Despite being called Mr. White Hat, a term that refers to ethical hackers, there’s no evidence that the person or group who committed the crime had good intentions.