Hackers who engineered one of the biggest cryptocurrency heists in history returned roughly one-third of the currency they pilfered from electronic wallets. The funds were returned on Wednesday, with the heist’s victims, Poly Network, announcing their return on Twitter. Poly Network alleges that they have received $260 million of the crypto, but that $353 million of it is still missing.
Poly Network is a crypto exchange platform that allows users to send cryptocurrency to one another in an encrypted fashion. Like most cryptocurrency platforms, Poly Network is completely decentralized and is only used to facilitate peer-to-peer transactions. This design is primarily meant to prevent thefts like the massive heist that just saw them lose $600 million.
Massive Heist Swindles Poly Network
The jaw-dropping sum of money was stolen by hackers who exploited a unique vulnerability in Poly Network’s code that allowed them to trick the system into transferring funds to their own accounts. The hackers essentially rewrote the destination on digital contracts, allowing them to move funds from one blockchain to another. In theory, the blockchain is supposed to prevent this kind of fraud from being possible.
According to crypto analysts at Chainalysis, the hackers were able to do this because of a vulnerability in Poly Network’s own code. By altering some parts of the digital contracts, the hackers were able to trick the blockchain into recognizing them as the recipients of millions of dollars worth of crypto assets. This resulted in an end-run that fooled the blockchain into not flagging the activity as fraudulent, allowing them to register the currency in their own wallets.
For an easy illustration of a real-world version of this event, imagine a train full of gold bars moving down a track toward a bank where guards will unload the currency. Then, thieves use a lever to switch the train onto another track without alerting the guards. The guards arrive at a convincing-looking bank and drop off the funds without raising any alarm, and then depart none the wiser that they just offloaded the money to criminals.
Why Did the Criminals Return Some of the Money?
A person claiming to be responsible for the hack has publicly stated that they executed the theft “for fun” and that it was “always the plan” to return the money. The alleged hacker said they wanted to “expose the vulnerability” ahead of more unscrupulous hackers taking the funds, as Chainalysis and crypto tracking firm Elliptic have both reported.
Independent sources have been unable to verify if the messages are authentic, as the identity of the hacker is not public knowledge. It’s unclear at the time of this writing if Poly Network is actually aware of the hacker’s identity, either. However, experts are currently under the impression that the hacker is talented enough to have not had their identity compromised.
Poly Network, furious with the theft, publicly threatened the person or people behind the hack with legal action. At first, the company seemed to believe that this threat was the reason for the return of the funds. However, if the hacker actually has managed to conceal their identity, then they would have no fear of legal repercussions.
There are a few reasons why a hacker might return stolen crypto. For one thing, it’s possible that the person purporting to be the hacker is either telling the truth or was accidentally correct about the real hacker’s intentions. “Gray hat” hackers, hackers who help people while operating outside the bounds of the law, are a real force on the internet. It’s distinctly possible that a fun-loving but good-natured hacker decided to take Poly Network for a ride by scaring them with the possibility of having $600 million vanish, only to return the funds right after taking them.
However, some analysts have theorized that other motivations could explain the return of the currency. It’s entirely possible that the hacker simply didn’t realize the enormity of what they were doing until after the fact. After all, $600 million in stolen crypto paints quite the target on a person’s back. It’s also not easy to launder that much money.
“Even if you can steal crypto assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions,” Tom Robinson, the co-founder of Elliptic, tells Yahoo Finance.
Theft in the unregulated world of decentralized finance is simply part of the everyday reality of crypto exchanges. The massive losses that these companies suffer when hackers fleece them could result in a hastening of regulatory efforts to bring some law and stability to the sector. Recently, SEC chair Gary Gensler has been pushing for the US government to take a more active role in protecting investors who have stakes in crypto assets.
Huge heists like this one could simply hasten regulators' involvement in the currently lawless world of crypto.