Hacker behind $600m crypto heist did it ‘for fun’
More than $600 million worth of crypto was stolen in the cyberattack, which targeted a decentralized finance (DeFi) platform called the Poly Network.
Decentralized finance is a fast-growing space within the crypto industry aiming to reproduce traditional financial products like loans and trading without the involvement of any middlemen.
It has attracted billions of dollars in investment, but because of this, the DeFi space has also given rise to new hacks and scams. For example, a token backed by billionaire investor Mark Cuban recently dropped from $60 to just several thousands of a cent in an apparent “bank run”
Poly Network is a platform that looks to connect different blockchains so they can work together. A blockchain is a digital ledger of transactions maintained by a distributed network of computers instead of by a central authority.
Poly Network pleaded for return of assets
On Tuesday a hacker exploited a flaw in Poly Network’s code to steal the funds. According to researchers at blockchain security firm SlowMist, Poly Network lost more than $610 million. Poly Network had pleaded with the hacker to return the money and nearly half was returned yesterday. As of this morning (Thursday), $342 million worth of assets were returned.
The anonymous hacker said yesterday the reason behind the attack was “for fun”. He said: “When spotting the bug, I had a mixed feeling. Ask yourself what to do had you facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion!”
He continued:“I can trust nobody! The only solution I can come up with is saving it in a _trusted_ account while keeping myself _anonymous_ and _safe_.”
The person also gave a reason for returning the funds, claiming: “That’s always the plan! I am _not_ very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?”
Tom Robinson, chief scientist at blockchain analytics firm Elliptic, said the person writing the Q&A was “definitely” the hacker behind the Poly Network attack because the messages they sent were embedded in transactions sent from their account, he claimed.
The hacker, or hackers, have not yet been identified.