Hacker completes return of biggest cryptocurrency theft in history | Antivirus and Security

The story of the biggest cryptocurrency theft on record has finally come to a conclusion after two weeks of negotiations. Poly Network, a decentralized finance and digital currency platform, was attacked by a hacker on August 10th. The attacker took $600 million in multiple tokens, but said he did so in “good faith” to expose a critical bug. With that, he promised to return the funds and the platform would compensate him with a prize of $500,000 for the “help”.


Hacker hacked into smart contract (image: Darwin Laganzon/Pixabay)

Poly Network is a decentralized finance platform, or DeFi, and operates using smart contracts to handle transfers between cryptocurrencies and blockchains. However, the principal of these contracts, responsible for maintaining a pool of liquidity for the network, had a critical bug that was then exploited by the hacker to take $600 million in at least 12 different currencies, which he then transferred to his own accounts.

In a very unusual twist, the Poly Network hacker didn’t disappear. Instead, he opened a dialogue with the victim company, promising to return all funds. And the promise was fulfilled. This Monday (23), all cash, with the exception of US$33 million in tether, or USDT (a stablecoin linked to the dollar) that were frozen by its issuers, was successfully returned to the DeFi platform’s wallets.

The biggest and most unusual cryptocurrency theft

South African cryptocurrency exchange owners disappear after alleged hack (Image: Marco Verch/Flickr)
Theft of cryptocurrencies (Image: Marco Verch/Flickr)

The initial dialogue was not at all troubled, it seemed like a story that would be resolved immediately. However, the hacker seems to have changed his mind somewhere along the way. The self-proclaimed “Mr. White Hat”, an English term referring to a hacker well-doer, proposed to return everything he stole and had even refused a “reward” for his work.

Poly Network offered a reward of $500,000 for the full return of funds and “help given.” In addition, the company stated that it would not sue the authorities if he did so. But, it seems, the attacker decided not to leave empty-handed and stopped the return process.

As a result, more than $200 million in digital assets were trapped in an account that required both Poly Network and hacker passwords. In recent days, the hacker has refused to hand over his key, simply saying he would do so when “everyone is ready”, without further details on what exactly that would mean.

Poly Network even begged the hacker publicly, via Twitter and blog posts, to return the remaining funds. Again, the platform then agreed to pay the intruder the $500,000 prize as a “reward for helping to identify a security breach.” The platform even offered the hacker, who so far remains anonymous, a job as “chief security consultant.”

Would a hacker really be a good doer?

Finally, the story came to a happy ending. Now, the hacker has sent Poly Network the password that grants access to the last installment of the stolen funds. “Right now, all users’ digital currencies that were transferred during the incident have been fully recovered,” Poly Network said on its blog. “We are in the process of returning full control of assets to people as quickly as possible.”

“As of now, Poly Network has fully regained control of the $610 million (not including the $33 million in frozen USDT) in assets that were affected in this attack. Once again, we would like to thank Mr. White Hat for keeping his promise, as well as the community, partners and various security agencies for their assistance.”

Announced the Poly Network

Security experts said the attacker likely realized that it would be difficult for him to launder so much money and access it, since all transactions are recorded in the blockchain, the public ledger that supports most major digital currencies. . Therefore, “Mr. White Hat” may not be any do-gooder, but rather a real criminal who still managed to make a profit without being chased by the authorities.

In a message embedded in a blockchain transaction, an anonymous person claiming to be the hacker said: “My actions, which might be considered strange, are my efforts to contribute to the security of the Poly project in my personal style… Consensus has been reached painfully and obscurely, but it worked”.

With information: CNBC

Leave a Comment