Hackers Steal More Than $600 Million in Cryptocurrency and Then Return Nearly Half Claiming It Was "For Fun!"

Stock image of a cybercriminal
Getty Stock Images

The heist is being called "one of the largest cryptocurrency heists in the industry’s history," experts say.

Hackers who stole $611 million from a decentralized finance platform in one of the largest cryptocurrency heists in the industry’s history, returned almost half of the funds on Wednesday, according to a published report.

The cybercriminals hit Poly Network, a decentralized finance (DeFi) platform that looks to connect different blockchains so they can work together, after exploiting a vulnerability in their system, CNBC reported

On Tuesday, Poly Network made the announcement on Twitter of the attack. 

In a letter on Twitter, they urged the cyber thieves to "return the hacked assets.” 

“The amount of money you hacked is the biggest one in the deli history,” Poly Network wrote. “Law enforcement in any country will regard this as a major economic crime and you will be pursued. It is very unwise for you to do any further transactions. The money you stole is from tens of thousands of crypto community members, hence the people.” 

In closing,  “You should talk to us to work out a solution.”

The company then urged other members in the cryptocurrency sector to “blacklist tokens” coming from addresses that were linked by the attackers, CNBC reported.

After Poly Network’s message companies jumped to freeze their assets. One of those crypto companies was Tether, who said in a statement that it froze their assets within 20 minutes of learning about the attack, CNN reported.

Paolo Ardoino, Tether’s CTO wrote on Twitter that he “just froze $33 million $USDt on 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 as part of the #PolyNetwork hack.”

One person responded to the swift action Tether took. “Paolo, you king,” wrote one person.” 

Changing Zhao, CEO of cryptocurrency exchange Binance posted on Twitter that they were aware of the Poly Network hack.

“We are aware of the http://poly.network exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can. Stay #SAFU," the tweet said.

Poly Network said on Wednesday that hackers were “ready to return" the funds. The message they sent was embedded in a cryptocurrency transaction. The DeFi platform responded, requesting the money be sent to three crypto addresses, CNBC reported.

By 7 a.m., London Time, more than $4.8 million had been returned to the Poly Network addresses. And, by 11 a.m. ET, about $258 million had been sent back, the news outlet reported. 

On Thursday, Poly Network sent out a Twitter telling users that their primary goal is to “fully recover the user assets.” 

“It is undeniable that we are going through a difficult period,” the company said. “The team has been working hard on achieving this goal all the time since this incident happened. We look forward to Mr. WhiteHat returning all of the remaining user assets as stated by him, and we will work hard to achieve this goal.”

According to Blockchain Forensics Firm Chainalysis, the hacker claimed to have hacked Poly Network “for fun:) and that he or she undertook the attack as a challenge,” CNN reported.

This was determined based on some of the notes that were attached to some of the transactions.

"With the inherent transparency of blockchains and the eyes of an entire industry on you, how could any cryptocurrency hacker expect to escape with a large cache of stolen funds?" the company wrote in its report, the news outlet reported.

The company added: ”In most cases, the best they could hope for would be to evade capture as the funds sit frozen in a blacklisted private wallet.”

According to CipherTrace, a cryptocurrency compliance company, DeFi-related hacks are on the rise including fraud.

There have been a total of $361 million DeFi related attacks from the beginning of 2021 through July 2021, an increase of nearly three times from 2020, the company said. 

Related Stories