Hacker Steals US$610 Million in Cryptocurrency, Then Gives it Back

Published: 13 August 2021

The hack is the largest in the history of decentralized finance. Source: Piqsels.com

The hack is the largest in the history of decentralized finance. (Photo: Pxfuel, License)

By Emily Tian

In a bizarre twist, a hacker who stole over half a billion dollars from a cryptocurrency platform, returned almost all of it by Friday.

Poly Network platform announced the theft on Tuesday and urged the hacker to return the stolen funds to the people, threatening legal action. 

"Law enforcement in any country will regard this as a major economic crime and you will be pursued," the company said in a statement addressing the hacker. "It is very unwise for you to do further transactions."

The culprit responded and started returning the stolen assets the next day.

“So far, we have received a total value of $4,772,297.675 assets returned by the hacker,” the company tweeted on Thursday.  

Poly Network is a cryptocurrency exchange platform that lets users exchange tokens across different blockchain networks in a peer-to-peer manner known as decentralized finance, or DeFi. 

According to Blockchain security firm SlowMist, the hacker transferred a total of US$610 million in cryptocurrencies from Poly Network to three addresses. 

Poly Network tweeted that its forensic investigation revealed that the hacker exploited a vulnerability in the platform’s smart contract calls. Smart contracts are software programming scripts executed on blockchain networks. Blockchain is the technology at the center of most cryptocurrencies which records transactions on a ledger of blocks across a network of computers.

The hack is the largest in the history of decentralized finance, Poly Network said. The stolen funds were denominated in at least 12 cryptocurrencies, including $273 million in Ethereum tokens, $253 million in Binance Smart Chain tokens, and $85 million in Polygon U.S. dollar tokens.

SlowMist said that it had identified the hacker's email address, IP address, and electronic device fingerprints.

Messages appended to the hacker's return transactions claim that the hack was not intended to launder money but was undertaken "for fun," according to blockchain explorer data.

Poly Network also called on other cryptocurrency exchanges and issuers to blacklist blockchain addresses the hacker transferred the stolen funds to. Tether, a cryptocurrency that pegs fiat currencies like the U.S. dollar to bitcoin, froze the Poly Network hacker's Tethers, worth roughly $33 million, from transacting on its network.

 "We are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can," Changpeng Zhao, CEO of Binance, the largest cryptocurrency exchange by trading volume, said.