Infamous Defi Hackers Begin Returning Funds From Their $600m Heist
- Samuel Feldman
- Aug 11, 2021
- 2 min read
Updated: Aug 16, 2021
Hackers have begun to return part of the $610m haul of stolen cryptocurrencies in what appears to be a sensational reversal of one of the biggest ever crypto heists.
(Image credit: ft.com)
Earlier on Tuesday, news broke that hackers had stolen around $610m from Poly Network, a blockchain protocol that helps link blockchains together. According to wallet addresses posted on Twitter, around $267m of Ethereum, $252m of Binance coin, and roughly $85m in USDC tokens were taken. Looters apparently exploited a vulnerability in Poly Network's systems to make off with the funds.
This breach is thought to be one of the largest ever in decentralized finance, breaking the record of $530m heist taken from Tokyo-based bitcoin exchange Coincheck in 2018. Poly Network posted a letter on Twitter pleading for communication with the hackers and urging them to return the assets, calling the theft "the biggest in the DeFi history," referring to the decentralized finance space Poly Network operates in. The Poly Network team stated that it has traced stolen assets to three separate addresses and asked town issuers to blacklist tokens coming from those specified addresses. The company was also able to freeze around $33 million worth of tokens stolen in the heist.
"Law enforcement in any country will regard this as a major crime. and you will be pursued," the company said in its letter.
It appears that the hackers have listened because around $2m has been returned so far, with more seemingly on the way. An embedded message appears to say "READY TO RETURN THE FUND!" in an Ethereum transaction. A second message embedded in a transaction read: "IT'S ALREADY A LEGEND TO WIN SO MUCH FORTUNE. IT WILL BE AN ETERNAL LEGEND TO SAVE THE WORLD. I MADE THE DECISION, NO MORE DAO." More of the funds are expected to be returned in the coming hours and days.
This reversal comes after security researchers said they had identified a trail of digital clues left by the hackers. SlowMist, a blockchain security firm, said it had managed to identify "the attacker’s mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker."
"I think this demonstrates that even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics," Dr. Tom Robinson, co-founder & chief scientist at Elliptic. "In this case, the hacker concluded that the safest option was to return the stolen assets. So I think that this will actually improve confidence in decentralized finance."
The incident has emphasized the lack of consumer protections in the crypto market, which is largely unregulated. Only time will tell how this will affect the entire crypto space. While the reversal of stolen funds is a positive outcome for Poly Network, this shows an alarming message for the rest of the crypto space. Hackers can easily exploit vulnerabilities and breach security measures to steal millions in crypto-assets and return it just as easily. This proves how unsafe and unregulated the space is, which worries investors about the safety of their assets.
Comments