Update (1005ET): The hacker now appears to be asking for donations for his (or her) decision to return their ill-gotten gains...
* * *
Just as crypto-bulls were celebrating the recent market rally, news of a record-setting $600MM hack of the cross-chain protocol Poly Network spoiled the party by reviving security concerns that have dogged the crypto universe, in one way or another, since the collapse of Mt. Gox back in 2014. Across the world, hodlers were left to look on helplessly as the hacker transferred the funds to a handful of addresses, which immediately became the focus of intense scrutiny as the world speculated about the identity of the hackers.
Well, as it turns out, the whole thing was for show, because the hackers have already started returning the stolen coins after contacting the Poly Network early Wednesday morning to say they were ready to return the money...
In response, Poly Network’s Twitter account provided three separate wallet addresses for the hacker to return the stolen coins to the network. “We are preparing a multisig address controlled by known Poly addresses,” Poly Network noted in a response message also embedded in an ethereum transaction, as the screenshot shows.
Hope you will transfer assets to addresses below:— Poly Network (@PolyNetwork2) August 11, 2021
Polygon: 0xA4b291Ed1220310d3120f515B5B7AccaecD66F17 pic.twitter.com/mKlBQU4a1B
So far, nearly $4.8MM of the $600MM in stolen funds had been successfully returned.
So far, we have received a total value of $4,772,297.675 assets returned by the hacker.— Poly Network (@PolyNetwork2) August 11, 2021
ETH address: $2,654,946.051
BSC address: $1,107,870.815
Polygon address: $1,009,480.809 pic.twitter.com/bPFAQk4mvS
Details are still sketchy, but cross-chain developer O3 Labs suggested the hacker might be a "white hat" looking to draw attention to security flaws. This wouldn't be the first time a hacker returned stolen coins.
According to data obtained by crypto journalist Colin Wu, the hacker has also returned $2.65MM in stolen Shiba Inu and Fei that were also stolen during the hack.
This hacker might yet be of the white hat variety. Let’s see. https://t.co/Y7jJykWSmS— O3Labs (@O3_Labs) August 11, 2021
The hack initially targeted Ethereum, Binance Chain, and the Polygon network.
Crypto security experts celebrated the hacker's decision, with Dr. Tom Robinson, co-founder and chief scientist at Elliptic, telling Zero Hedge that "this demonstrates that even if you can steal crypto assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics. In this case, the hacker concluded that the safest option was just to return the stolen funds. "
Still, the growing popularity of DeFi (decentralized finance) networks and tokens is making the sector an attractive target for hackers. One research firm estimated nearly $300MM has already been stolen in other hacks.
For now, it looks like the hackers will return the entirety of the stolen funds. Next time, they might not be so lucky.