Poly Network Hackers Return $258m, After Huge Cryptocurrency Heist

Blockchain site Poly Network has regained some of the assets stolen earlier this week after hackers stole approximately $611m.

That theft appears to be one the largest cryptocurrency heists ever, but Poly Network on Tuesday took an unusual approach and published a letter appealing directly to the hackers to return the stolen digital asset.

And then in a twist, the hackers sent a message to Poly Network embedded in a cryptocurrency transaction saying they were “ready to return” the funds.

Returning funds

By Wednesday midday, the hackers had returned more than $4.8 million to the three crypto addresses supplied by the DeFi platform for the hackers to use.

And by Thursday morning, the hackers have returned nearly half the amount of digital tokens they stole, namely $258 million.

Poly Network had disclosed on Tuesday that hackers had exploited a vulnerability in its platform that looks to connect different blockchains so that they can work together.

In its letter on Twitter, addressed to ‘Dear Hacker’, the Poly Network Team urged the thieves to “establish communication and return the hacked assets”.

“The amount of money you hacked is the biggest one in the defi (sic) history. Law enforcement in any country will regard this as a major economic crime and you will be pursued,” the letter states.

“It is very unwise for you to do any further transactions,” the letter states. “The money you stole are (sic) from tens of thousands of crypto community members, hence the people.”

“You should talk to us to work out a solution,” the letter concludes.

Poly Network is a decentralised finance platform. DeFi is a broad term encompassing financial applications based on blockchain technology that looks to cut out intermediaries – such as brokerages and exchanges. Hence, it’s dubbed decentralised.

Cashing out

One security expert noted that because of blockchain’s core design, laundering cryptocurrencies and cashing out is hard.

“This strange change of heart won’t be due to the letter requesting them to simply return the money, it will be more down to the fact that laundering cryptocurrencies and cashing out is very hard due to the dynamics of how the blockchain is designed,” noted Jake Moore, cybersecurity specialist at ESET.

“The flow of the money will be monitored and without a clear direction of having an exit plan and knowing how to evade capture, this reverse in theft may in fact be a sign that it is suggesting they have made mistakes and now want to clear their names should they ever be located,” said Moore.

“It also highlights that the type of criminal chancing a vulnerability to exploit might not be the same classification of a career criminal who has mapped out all lines of sight,” he concluded.

Other Crypto heists

The Poly Network hack looks like it is one the largest cryptocurrency heists ever, but there have been cryptocurrency thefts before.

In 2019 hackers attacked one of the world’s largest cryptocurrency exchanges (Binance) and stole 7,000 bitcoins worth worth $41m at the time.

Binance said that the hackers had used ‘a variety of techniques’ to carry out the robbery.

Then in 2018 in Tokyo hackers broke into a cryptocurrency exchange called Coincheck and made off with nearly $500 million in digital tokens.

Prior to that in 2014, Tokyo-based bitcoin exchange Mt Gox filed for bankruptcy in the US and Japan after it lost 850,000 bitcoins (worth $500m).

It had been targeted repeatedly by hackers.