The hacker behind one of the largest ever cryptocurrency heists has returned almost half of the $600m (PS433m) stolen assets.
Yesterday, blockchain platform Poly Network wrote a letter on Twitter, asking the individual to get in touch “to work out a solution”.
According to the website, the hacking of the money was the “biggest” indecentralised finance.
Poly Network announced that it received $260 million at 18:28 BST Wednesday.
Poly Network posted on Twitter that it had been sent digital tokens relating to three crypto-currencies, including $3.3m worth of Ethereum, $256m worth of Binance Smart Chain (BSC) and $1m worth of Polygon.
Unrecovered funds include $269m worth of Ethereum tokens, $84m worth of Polygon tokens, and $269m in Polygon tokens.
The hacker also took to one of the blockchains to publish a three-page-long Q&A session, where he essentially “interviewed himself”, according to Tom Robinson, co-founder of Elliptic, a London-based blockchain analytics and compliance firm.
According to the hacker, he chose to return stolen assets as he was not very interested in money.
While I know that it is painful when someone gets attacked, shouldn’t people learn from hacks? He wrote the following in notes that were posted to the Blockchain.
He said that he had spent all night trying to discover a flaw to exploit. To prove his point, he took millions in crypto tokens and was concerned that Poly Network would quietly patch the security hole.
He stressed however that he didn’t want to create a panic in the crypto-world. So he took only “important coins”, with the exception of Dogecoin which was originally a joke.
Robinson explained that they either intended to steal assets and commit theft, or they did it as a white-hat hacker in order to reveal a bug and help Poly Network become more secure. Mr Robinson advises law enforcement and governments about crypto-related crimes to the BBC.
The nature of Blockchain technology means that cybercriminals cannot profit by stealing digital currency. Everyone can see how the money is being transferred across the network to the hackers’ accounts.
Robinson said, “I wonder if this hacker stole funds, realized how much attention and publicity they were receiving, and realized where they had moved funds would be monitored, and decided that they wanted to return it.”
The blockchain has worked flawlessly here, but you have the option to write smart contracts on Ethereum blockchains. This service is offered by a variety of services, such as Poly Network.
So whenever code is written by a human, it’s possible they might make an error.
Blockchains are a log or ledger of all transactions made using a cryptocurrency like Bitcoin. Instead of being kept by a single entity, the ledger can be distributed to everyone in the network and used to verify any new transactions that occur.
The platform of Poly Network facilitates movement among several blockchains, when users trade one cryptocurrency for another. For example, trading BSC for Ethereum.
The Poly Network facilitates movement between the chains. James Chappell co-founder of the London-based cyber security firm Digital Shadows, told BBC that “The Poly Network” is what he meant.
This is true for banks and any other financial institution. The problem is that a party may have discovered a flaw in the system and used it to trick the network into sending these tokens wrongly.
In the past 12 months, similar attacks have been made to other services including Yearn Finance which saw $11m being stolen by hackers; Alpha Finance which saw $37m theft in the same month; Meerkat Finance which saw $32m taken by hackers; and Meerkat Finance which was stolen from $32 million by hackers.
It was a wild 24 hours in crypto.
The hacker wrote online, “The pains experienced is temporary but memorable.”
It is now being treated skeptically by the hacker or hackers who claim it was an elaborate scheme to make Poly Network fix its security flaws.
If the motivation was honorable, why the online boasting and taunting?
There’s some suggestion that the net may have been closing in, as one cyber-security company says it was close to working out the identity of the cyber-criminal.
The hacker might have bitten off more than they could chew, and became scared. So the hacker returned the money.
Regardless of any quick refund, authorities will continue to work hard to capture the suspects.
This story mainly demonstrates how powerful hackers are and how ineffective the decentralized cryptocurrency network can be when somebody steals large sums of money.
Publited at Thu 12 August 2021, 00:28.22 (+0000).