In an unusual twist for the one of the largest cryptocurrency heists ever, a hacker who stole more than $600 million in tokens from blockchain-based platform Poly Network on Tuesday has sent back a large majority of the stolen funds after a slew of cryptocurrency experts and businesses pledged to track the hacker’s crypto activity on the blockchain—but the hacker’s identity, and how exactly funds were stolen, remain unknown.
Transactions publicly stored on the blockchain show an address belonging to Poly’s hacker started returning the roughly $610 million in stolen cryptocurrency assets through several transactions early Wednesday.
So far, Tom Robinson, the chief scientist at blockchain analytics company Elliptic, says Poly has retrieved all the $267 million in ether and $252 million in binance coins stolen, and roughly $55 million in tokens pegged to the U.S. dollar.
The only assets yet to be returned are USDT tokens valued at roughly $33 million that the token’s issuer, Tether, said it froze on Tuesday to prevent the hacker from moving the funds; Tether did not immediately respond to Forbes’ request for comment about its plans for the tokens.
Between early Wednesday morning and Thursday afternoon, the seemingly unabashed hacker has been leaving notes embedded in the numerous transactions, insisting he only infiltrated Poly’s network to expose the vulnerability, claiming to be “hacking for good” and in a four-part Q&A Thursday, calling the heist “one of the best moments in my life.”
The reversal comes after Poly demanded in a slew of tweets since Tuesday that the hacker start returning the funds to three cryptocurrency wallet addresses, at one point saying the money stolen belonged to “tens of thousands of crypto community members.”
In an email to Forbes, Robinson confirmed the transactions and said he thinks the hacker beginning to return the funds “demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult due to the transparency of the blockchain.”
Tuesday’s hack on Poly marks one of the biggest hacks in cryptocurrency history and is even bigger than the $460 million hack on cryptocurrency exchange Mt. Gox that led to the company’s bankruptcy and heightened regulation in the nascent space about seven years ago. Shortly after the Tuesday morning exploit, Poly urged cryptocurrency miners and exchanges to “blacklist” tokens coming from the hacker’s addresses, and many soon heeded the call. Executives at some of the world’s largest cryptocurrency exchanges—including Huboi, OKEx and Binance—said they were monitoring their platforms for any activity by the hacker. Changpeng Zhao, Binance’s billionaire CEO, said the company, which serves as the primary operator of the blockchain on which binance coins are built, would coordinate with its security partners and “do as much as [it] can” to help. Meanwhile, Jay Hao, the CEO of cryptocurrency exchange OKEx, said the company is “watching the flow of coins and will do [its] best to manage the situation.”
What We Don’t Know
The hacker’s identity and how funds were stolen. In a statement, China-based blockchain security firm SlowMist said it has identified the attacker’s email, IP address and device fingerprints, but was still working on tracking additional identity clues. SlowMist asserts the hacker took advantage of a vulnerability in Poly’s smart contracts to access the stolen funds, but other experts aren’t so sure. Security auditor BlockSec, for example, speculates the hacker may have obtained Poly’s private key through a leak and used it to transact funds.
What To Watch For
Legal action—and potential regulation—stemming from the hack. Less than a week ago, SEC Chairman Gary Gensler said booming decentralized finance platforms, also known as DeFi, deserve more government scrutiny and likened the space to the “Wild West.” According to crypto intelligence firm CipherTrace, more than 75% of cryptocurrency hacks this year have been linked to DeFi.
$103 billion. That’s the market value of all decentralized finance tokens (like Polygon), according to cryptodata website CoinGecko. The space shot past a $100 billion valuation for the first time ever this year and peaked at about $150 billion in May before the broader crypto market crashed nearly 50%.