While we've seen many stories of hackers scoring big with attacks on businesses in the last year, it's rare that we ever hear about money being returned, but that's exactly what happened this week after one of the world's largest cryptocurrency heists.
The money, around $260 million of digital currency, represents just under half of the $600 million originally stolen.
The hacker claims in a self published Q&A that the move is an altruistic one, though some suggest that the robust nature of the cryptocurrency's blockchain make the funds hard to launder, and that the suspect may have gotten cold feet.
The Heist on Poly Network
The crypto hack originally took place on Tuesday, with the hacker attacking Poly Network, a decentralized finance (DeFi) platform that allows users to transfer funds across different blockchains using peer to peer networking. In the attack, $600 million dollars was stolen from users in various currencies, including Ethereum.
Shortly after the money was stolen, large amounts of the funds were blacklisted, meaning that they couldn't be used by the hacker. When they were alerted to this fact by a crytpo user, the hacker tipped 13.37 Etherium (around $42,000) for the information.
While the world of cryptocurrency is no stranger to theft or controversy, this week's action against Poly Network represents one of the largest attacks seen in the industry to date. Of course, being a cryptocurrency story, there has to be an extra twist, and this one doesn't disappoint, with the hacker actually returning around half the funds at the time of writing.
Hacker Returns Stolen Cryptocurrency Funds
On Wednesday, Poly Network announced that it had received $260 million back in cryptocurrency from the hacker. It followed from an appeal that Poly Network had made the previous day, stating that the attack was the largest in DeFi history, and that law enforcement would pursue the perpetrators of the ‘major economic crime'. It seems to have done the trick, at least partially.
Following the return of some of the funds, the attacker published a Q&A with themselves, embedded in Ethereum transactions sent from the account they controlled. In the posts, the perpetrator claims that the hack was only ever intended to demonstrate the flaws in the Poly Network system, and that they had always intended to return the funds.
‘I would say [that] figuring out the blind spot in the architecture of the poly network would be one of the best moments of my life' – Poly Network hacker
When faced with the question of why they had decided to return the funds, the hacker stated ‘that was always the plan!', and claimed that they weren't interested in the money, and would return the funds ‘before midnight, so people who had faith in me could have a good rest'.
Will All the Funds be Returned?
While many cryptocurrency users no doubt breathed a huge sigh of relief at the return of some of the funds, many aren't out of the woods yet, with over $300 million still unaccounted for. Users themselves have taken to social media to appeal to the hacker to return their money, and even Poly Network stated to the attacker that they had stolen from tens of thousands of crypto community members.
In their own Q&A, the hacker does state that the money will be returned, although there are questions as to why they are retaining a large proportion of it at the moment.
As for the real reason for handing back the money, while the claims of testing Poly Network's security may hold some water, white hat hackers tend to exploit weaknesses before approaching the company involved privately, allowing them to fix the issue to prevent further damage, and usually receive a financial bounty as a reward for their efforts. What they tend not to do is illegally take $600 million dollars.
It's possible that the hacker has come to the realization of the seriousness of their crime, and hopes that by returning some of the money, the heat will die down, although at this point that seems unlikely, having perpetrated the largest DeFi attack in history. Then there's the issue of the cryptocurrency's attachment to the blockchain. Serving as a permanent record of every transaction, laundering or spending these funds will prove very difficult indeed with a permanent digital trail of the funds origins.
It's unlikely that this cryptocurrency story is over just yet, especially for the hacker, and the thousands of users that they stole from.