Poly Network hacker appears ready to return stolen funds

Published at: Aug. 11, 2021

Following a massive $600-million exploit of cross-chain protocol Poly Network, the Poly Network hacker has claimed his willingness to return the stolen cryptocurrency funds.

At about 4:00 am UTC on Wednesday, the hacker sent an Ethereum transaction to themselves, stating that they were “ready to return the fund” in an embedded transaction message.

In a subsequent message, the hacker asked for a multisig wallet address to return the funds to Poly Network. “Failed to contact the poly. I need a secured multisig wallet from you,” the hacker noted.

Poly Network’s Twitter account posted an update on Wednesday, providing three separate wallet addresses intended for the hacker to send the stolen funds back to the network. “We are preparing a multisig address controlled by known Poly addresses,” Poly Network noted in a message embedded to an Ethereum transaction to the hacker’s address.

Cross-chain developer project O3 Labs suggested that the person behind the Poly Network’s massive decentralized finance (DeFi) exploit could be a white hat hacker.

This hacker might yet be of the white hat variety. Let’s see. https://t.co/Y7jJykWSmS

— O3Labs (@O3_Labs) August 11, 2021

Related: Possible ‘white hat hacker’ exploits THORChain for $8M, proposes 10% bounty

“It’s already a legend to win so much fortune. It will be an eternal legend to save the world. I made the decision, no more DAO,” another message from the hacker said.

The attacker subsequently started returning the stolen funds, sending back over $1 million in USD Coin (USDC) on the Polygon blockchain as of around 8:00 am UTC. Poly Network has since confirmed a receipt of funds, stating, “You are moving things to the right direction. We received 1+M USDC on Polygon. Did you ask us to encrypt the receiving addresses with your BookKeeper public key?”

According to data obtained by crypto journalist Colin Wu, the hacker also returned $2.65 million dollars worth of Shiba Inu (SHIB) and Fei.

Poly Network suffered a major exploit on Tuesday, which saw assets being removed from the Ethereum, Binance Chain and the Polygon network. At $600 million, the attack is the largest DeFi exploit to date.

The rising popularity of DeFi has made the sector an attractive target for hackers. According to an April report by crypto research company Messari, DeFi protocols have lost about $285 million to hacks and other exploits since 2019.

Disclaimer: This article was updated to reflect that the Poly Network hacker started returning the stolen funds.

Tags
Related Posts
The perfect storm: DeFi hacks will advance the crypto sector moving forward
The rise of decentralized finance, or DeFi, could be paving the way toward a fully decentralized financial ecosystem. Yet, given the innovative nature of DeFi, the sector remains in constant development and is therefore prone to a number of vulnerabilities. Unsurprisingly, one of the biggest challenges currently facing the DeFi sector is security threats. This has become apparent as more DeFi hacks continue to wreak havoc across the crypto community. Most recently, the largest DeFi hack within the crypto industry took place. The Poly Network hack resulted in over $600 million dollars removed, and then returned, from Binance Chain, Ethereum …
Decentralization / Aug. 17, 2021
The radical need for updating blockchain security protocols
Decentralized finance (DeFi) is here to stay with over $100 billion in total value locked (TVL), highlighting the evidence of faith in these new financial tools. This investment will continue to increase, but it appears that with each new record in TVL, there is another network attack being reported with astronomical losses. Crypto crime dropped 57% in 2020, but DeFi hacks surged, costing companies and investors billions of U.S. dollars. In March alone, there were several attacks within just a five-day period, with Paid Network losing $180 million. Later in May, PancakeBunny lost more than $200 million in a flash …
Decentralization / June 25, 2021
​​Cream Finance DeFi platform loses $19M in a flash loan hack
Cream Finance, a major decentralized finance (DeFi) protocol focused on lending, has suffered a severe exploit, with a hacker stealing nearly $19 million from its platform. An unknown hacker has managed to gain $18.8 million in the latest flash loan exploit of the Cream Finance protocol through a reentrancy bug introduced by the Amp token, according to an investigation by blockchain security firm PeckShield. Announcing the news Monday, Cream Finance said that the protocol has stopped the exploit by pausing supply and borrow contracts on the Amp token. “No other markets were affected,” Cream Finance stated. C.R.E.A.M. v1 market on …
Decentralization / Aug. 30, 2021
The importance of decentralized oracles: Interview with Sergey Nazarov
Chainlink co-founder Sergey Nazarov believes that increasing the decentralization and scalability of oracle technologies are key to ensure trust in the DeFi ecosystem. Oracles play a key role in the correct functioning of DeFI protocols by connecting them to real-world data. However, the trustworthiness of oracles becomes compromised in instances where they rely on a single data source to retrieve information. For instance, according to Nazarov, excessively centralized oracles enabled five recent flash loan attacks, which resulted in DeFi protocols losing around $40 million. Flash loans, a form of loan that does not require any collateral, can be used to …
Decentralization / Dec. 19, 2020
ImmuneFi report $10B in DeFi hacks and losses across 2021
Decentralized finance, or DeFi, security platform and bug bounty service ImmuneFi published an official report on Thursday which calculated the total volume of losses in the cryptocurrency markets in 2021. According to its report, the company found that losses resulting from hacks, scams and other malicious activities exceeded $10.2 billion dollars over the past year. Responsible for protecting over $100 billion worth of assets for a number of well-established DeFi protocols, including Synthetix, Chainlink, SushiSwap and PancakeSwap, among others, ImmuneFi has regularly facilitating seven-figure pay-outs to whitehat hackers and other good-willed entities for preventing protocol compromises. According to the report, …
Decentralization / Jan. 7, 2022