Cyberhacker returns over $260 million in cryptocurrency

The hacker behind what has been dubbed the largest decentralised finance platform hack in history has returned some of what they stole last week and sent back approximately $260 million of the more than $600 million in stolen cryptocurrency. 

The Poly Network -- a "DeFi" platform that works across blockchains -- said the unknown culprit behind the attack has so far returned $256 million in BSC, $1 million from Polygon and $3.3 million in Ethereum. 

The company noted that there is still $269 million in Ethereum, as well as $84 million in Polygon that needs to be returned. It attributed the attack to a vulnerability that was exploited concerning contract calls. However it added the exploit "was not caused by the single keeper as rumored”. 

Online researchers had tied the attack to a Poly Network privileged contract called the “EthCrossChainMananger."

Reasons behind crypto attacks 

In addition to returning the money, the hacker included a three part Q&A where they explained some of their reasoning. The attacker, in a post which was shared by Elliptic co-founder Tom Robinson, said they found a bug in Poly Network's system and contemplated what to do from there. They eventually decided to steal the money available and transfer it into another account. 

They tried to paint their actions as altruistic and said they were trying to expose the vulnerability before it was exploited by "an insider." They claim to be completely protected because they used anonymous email addresses and IPs. The attacker described the Poly Network as a ‘decent system’ and said it was ‘one of the most challenging attacks that a hacker can enjoy’.

The attacker added: "I didn't want to cause real panic in the crypto world. So I chose to ignore rubbish coins, so people didn't have to worry about them going to zero. I took important tokens (except for Shib) and didn't sell any of them."

Eventually the attacker began to sell or swap stablecoins because they were unhappy with how Poly Network responded to the attack and suggested the company should have learned something from the experience.

The culprit noted that they were moving slowly in returning the money because they needed rest, more time to negotiate with Poly Network and also needed to "prove" their dignity while hiding their identity. 

The statement went to say that the attacker wanted to help Poly Network with its security because of its importance to the cryptocurrency industry. 

Ripple effects of crypto attacks

The audacious attack sent shockwaves through the blockchain and cryptocurrency communities as Poly Network sought to respond. The company works across blockchains for Bitcoin, Ethereum, Neo, Ontology, Elrond, Ziliqa, Binance Smart Chain, Switcheo, and Huobi ECO Chain.

Poly Network had begged the hacker to return the money and threatened to prosecute the perpetrator as a major economic crime. The team went on: "It is very unwise for you to do any further transactions. The money stole are from tens of thousands of crypto community members, hence the people. You should talk to us to work out a solution. We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses."

The company also appealed to miners across affected blockchain and crypto exchanges like Binance, Tether, Uniswap, HuobiGlobal, OKEx, Circle Pay and BitGo to blacklist any tokens coming from these addresses.

Hank Schless, senior manager at Lookout, told ZDNet that DeFi has "become a primary target for cybercriminals" and a recent report from CipherTrace found that attacks on DeFi caused an all-time high number of losses for the first half of 2021. 

The DeFi community saw a record loss of $474 million between January and July this year thanks to cybercriminals. 

The attack on Poly Network is bigger than other headlining cryptocurrency attacks like the $550 million hack of Coincheck in 2018 and the $400 million Mt. Gox hack in 2014.