Hacker claims to have stolen $610 million for fun, returns half the money

The people behind the $613 million cryptocurrency heist have returned $342 million. The hacker denies interest in money, claiming the heist was meant to expose vulnerabilities. Experts are not convinced that was the case.

Poly Network, a decentralized finance (DeFi) platform that fell victim to one of the largest crypto heists in history, announced that the hackers have returned more than half of the stolen money so far. The perpetrators behind the attack continue sending money back to Poly Network.

Interestingly enough, the hacker included a set of hidden messages within the transactions, essentially providing a Q&A on their motives.

The perpetrator or perpetrators claim to have carried out the hack for fun and to expose vulnerabilities in Poly Network's system. They used the hidden messages to claim they chose not to inform Poly Network about the bugs they had spotted in order to 'protect' the company.

"Ask yourself what to do had you facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion! I can trust nobody!" the suspected perpetrator reasoned. 

According to the hacker, returning the funds was and still is a part of the plan.

"I am not very interested in money! [...] I announced the returning decision before midnight so people who had faith in me should had a good rest," the perpetrator wrote.

Tom Robinson, a co-founder of Elliptic, a blockchain analysis provider, told Reuters that the actual reason to return the funds might be far less charitable. He claims that it's challenging to launder stolen crypto on such a scale.

"Even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions," Robinson told Reuters.

How did it happen?

Poly Network tweeted on Tuesday that a preliminary investigation found that hackers exploited a vulnerability in a smart contract the company uses to carry out transactions.

Kevin Fichter, an Ethereum programmer, wrote on Twitter that the hackers likely overrode the contract instructions for blockchains and diverted funds to digital wallets of their choosing.

According to Reuters, the hackers attempted to transfer some of the funds into the Curve.fi liquidity pool, but the transfer was rejected due to the heist.

The recent hack is among the largest in history, similar to the 2014 Mt. Gox heist, in which perpetrators stole half a billion dollars' worth of Bitcoin from what was then the world's biggest cryptocurrency exchange.

However, in the Mt. Gox case, the stolen money simply vanished, making it one of the largest heists in history. Japanese media at the time suspected that Mt. Gox insiders were behind the attack.
