Crypto heist. Blockchain site Poly Network urges hackers to return stolen digital tokens after they exploited a vulnerability
Blockchain site Poly Network has admitted that hackers stole approximately $600m (£433m) in what seems to be one the largest cryptocurrency heists ever.
After the breach, Poly Network addressed the hackers directly in a tweet, and asked they return the stolen assets as the hackers are likely to be pursued “in any country” for this “major economic crime.”
The hack looks like it is one the largest cryptocurrency heists ever, but there have been cryptocurrency thefts before.
In 2019 hackers attacked one of the world’s largest cryptocurrency exchanges (Binance) and stole 7,000 bitcoins worth worth $41m at the time.
Binance said that the hackers had used ‘a variety of techniques’ to carry out the robbery.
Then in 2018 in Tokyo hackers broke into a cryptocurrency exchange called Coincheck and made off with nearly $500 million in digital tokens.
It had been targeted repeatedly by hackers.
But now Poly Network has admitted hackers had exploited a vulnerability in its platform that looks to connect different blockchains so that they can work together.
In its letter on Twitter, addressed to ‘Dear Hacker’, the Poly Network Team urged the thieves to “establish communication and return the hacked assets”.
“The amount of money you hacked is the biggest one in the defi (sic) history. Law enforcement in any country will regard this as a major economic crime and you will be pursued,” the letter states.
“It is very unwise for you to do any further transactions,” the letter states. “The money you stole are (sic) from tens of thousands of crypto community members, hence the people.”
“You should talk to us to work out a solution,” the letter concludes.
Poly Network is a decentralised finance platform. DeFi is a broad term encompassing financial applications based on blockchain technology that looks to cut out intermediaries – such as brokerages and exchanges. Hence, it’s dubbed decentralised.
An surprisingly the letter seems to have worked somewhat, after CNBC reported that the hackers have started returning some of the $600 million they stole.
The hackers reportedly sent a message to Poly Network embedded in a cryptocurrency transaction saying they were “ready to return” the funds.
The DeFi platform responded requesting the money be sent to three crypto addresses.
As of midday London time on Wednesday, more than $4.8 million had been returned to the addresses.
A security expert has said that hacks like this gain attention due to the large sums of money involved, and the problem is that cryptocurrencies are largely unprotected.
“Cryptocurrency hacks attract huge amounts of attention often due to the colossal sums of money associated with them but there is also an element of fear that is naturally linked to these attacks,” explained Jake Moore, former head of digital forensics at Dorset Police and cybersecurity specialist at global cybersecurity firm, ESET.
“The issue with cryptocurrencies is that they are largely unprotected and therefore, when a hack occurs it is not like an ordinary bank heist where the money is stolen from the bank who remains the victim,” said Moore. “Money stolen which is stored in digital ledgers is taken from individual accounts and this is what worries those choosing to store their money in these locations.”
“Simply asking the hackers to return the currencies suggests there is little left to do for those involved including the authorities,” said Moore. “Cryptocurrencies by nature are largely anonymous which makes such heists extremely attractive to those wanting to illicitly gain from the amount of work required to gain such rewards.”