Skip to main content

Poly crypto hacker pleads innocence as loot is returned

Cryptocurrency
(Image credit: Shutterstock)

In a surprising turn of events, the hacker claiming to be behind the theft of several different cryptocurrencies worth a staggering $600 million has begun returning the loot.

The attacker exploited a “vulnerability between contract calls” in the Poly Network, a decentralized cross-chain protocol and network that helps facilitate swapping tokens across multiple blockchains, to make away with $273 million of Ethereum tokens, $253 million in tokens on Binance Smart Chain and $85 million in USDC on the Polygon network.

But within thirty hours of the heist coming to light, the thief began transferring his ill-gotten cryptos back to Poly Network, and according to the latest update, has returned over $342 million, with transfers still ongoing. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

To put the heat on the hacker, Poly Network had posted the thief’s wallet addresses, urging exchanges to blacklist the stolen tokens, even as other members in the decentralized finance (Defi) space offered their assistance.

A whitehat hacker?

As he or she was returning the cryptos, the hacker decided to clear the air about his intentions, in the form of a detailed Q&A embedded in the ethereum transactions sent from the hacker’s account, according to Tom Robinson, CEO of blockchain analysis company Elliptic.

The hacker claimed they had always intended to return the funds and took the cryptos in order to expose the vulnerability before it could be exploited by others with malicious intent. 

Explaining the reasons behind the slow return the hacker says it is because of the steps they have had to undertake to hide their identity. They say they've taken enough steps, such as using disposable email addresses and untraceable temporary IP addresses, to stay anonymous.

“Whatever the motivation for the hack, these events have demonstrated how difficult it is [to] profit from theft or any other illicit activity using cryptoassets. The transparency of the blockchains allowed crowd-sourced, real-time collaboration between protocol developers, stablecoin issuers, blockchain analytics companies and the wider community, to ensure the hacker would not be able to disappear with the stolen assets,” wrote Robinson in a blog post.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.