Poly Network Hacker Keeps Sending Funds Back, Returns USD 342M

By Sead Fadilpašić

The hacker of the decentralized finance (DeFi) interoperability protocol Poly Network has returned more than half (in USD terms) of the stolen funds so far.

Per the latest data provided by Poly Network, as of August 12, almost USD 342m of assets has been returned. This includes:

• On Binance Smart Chain: USD 252m

• On Polygon: USD 85m

• On Ethereum: USD 4.6m.

They added that there is still USD 268m on Ethereum to be returned. This amounts to some USD 610m in stolen funds.

As reported, Poly Network suffered an exploit on August 10, with the attacker stealing more than a massive USD 600m. The attack happened on Binance Smart Chain (BSC), Ethereum (ETH), and Polygon (MATIC).

The hacker has started returning the funds yesterday, though it is not exactly clear why, or if there has been any sort of agreement between Poly and the attacker, or even if the attacker plans to return every last bit of it.

An interview with the attacker may offer some explanation, at least from their side of the story.

Embedded in Ethereum transactions sent from the account controlled by the hacker, and shared on Twitter by Tom Robinson, the chief scientist and co-founder of the blockchain data tracker Elliptic, the hacker posted a Q&A, claiming that they were forced to play the game.

The hacker said that they hacked the protocol for fun, and that cross-chain hacking is hot, hence the choice of Poly, but that they transferred the tokens to keep them safe.

They further argued that upon spotting the bug, they had mixed feelings as they didnt know if alerting anybody, the team included, would result in the funds being stolen. They said they shouldve stopped then but wondered what if [the team] patch the bug secretly without any notification.

The only solution I can come up with is saving it in a trusted account while keeping myself anonymous and safe, they wrote.

Not wanting to cause panic, they said, they took only the important coins, except for Shib and did not sell any.

As for why they went on to sell/swap the stablecoins, they replied I was pissed by the Poly team for their initial response.

Per the messages, this person is not an insider, but they said they take the responsibility to expose the vulnerability before any insider could exploit it in secret.

They also claim that they havent been exposed and that they prefer to stay in the dark and save the world. Additionally, returning the funds was allegedly always the plan.

The hacker further claims that this event was an attempt to strengthen a well designed system that will handle more assets like Poly. They claim to have been communicating with the Poly Network team, and that theyre returning the funds slowly so as to be able to talk with the team, prove [their] dignity while keeping their identity secret, and get rest in the meantime.

Lastly they said that being the crowdsourced hacker was their bad joke after seeing so many beggars asking for the stolen money to be shared, as well as that being the moral leader is the coolest hack they could ever achieve.

____

Learn more:

- RUNE Recovers 11% After Crash and Thorchain USD 8M Hack

- Holding The World To Ransom: Top 5 Online Gangs

- South Korean Politician: North Has Stolen USD 310M in Crypto Since 2019

- Another Two Binance Smart Chain Projects Suffer Flash Loan Attacks

Follow us on Twitter or join our Telegram

Hack Ethereum Binance Altcoins Security