In a surprise twist, nearly all of the funds from what was likely the largest decentralized finance theft ever are back in the control of their previous owner, Poly Network. While the hacker claims that he did the theft either "for fun" or to expose a flaw in Poly Network as a good samaritan, it seems as though he originally attempted to transfer the coins and was unable to do so.
Poly Network announced on their Twitter (NYSE: TWTR) last Tuesday, August 10, that their platform had been hacked.
"The amount of money you hacked is one of the biggest in the defi history. Law enforcement in any country will regard this as a major economic crime and you will be pursued" the Poly Network statement reads. "It is very unwise for you to do any further transactions."
Along with their announcement on Twitter, Poly Network warned cryptocurrency exchanges to blacklist all addresses associated with the hacker and block all attempted transfers.
Poly Network is a part of the up-and-coming decentralized finance (DeFi) sector of the crypto industry. This sector works to offer loans and other traditional banking and financial services to users without them needing to use a middleman like a brokerage firm or exchange.
Early in the week, the hacker took advantage of a flaw in the Poly Network platform in order to steal funds totaling more than $610 million, in more than 12 different cryptocurrencies. For comparison, from January to July of this year, the total of all DeFi hacks was $361 million.
On Tuesday, the hacker was able to successfully transfer roughly $100 million into Ellipsis Finance, a liquidity pool. However, another transaction was soon rejected.
By Wednesday, the cybercriminal had sent word to Poly Network that he was "ready to return" the stolen tokens. In response, Poly Network tweeted three different crypto addresses to which the hacker could send the funds.
Within 48 hours of the theft, nearly all of the $600 million had been returned. Roughly half was sent to the addresses provided by Poly Network, while most of the rest was sent to a digital wallet controlled jointly by the hacker and the platform.
"I think this demonstrates that even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics," Elliptic chief scientist of blockchain analytics told CNBC. "In this case, the hacker concluded that the safest option was just to return the stolen assets."
By Friday, the story had developed somewhat, with the hacker even holding a question and answer session embedded within a transaction. In the Q&A, the individual was somewhat inconsistent regarding why they had carried out the hack, at one point saying it was just "for fun" while later claiming it was some sort of selfless act.
"When spotting the bug, I had a mixed feeling," the answer reads. "Ask yourself what to do had you facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion!"
The individual claims that they "can't trust nobody" and that that was why they had transferred the funds to their own accounts.
"I know it hurts when people are attacked, but shouldn't they learn something from those hacks?"
Despite the questionable nature of nearly all claims related to this crime, Poly Network confirmed on Friday that they were offering the hacker a "bug bounty" in exchange for exposing the flaw in their system. The bounty, amounting to $500,000, has not yet been accepted by "Mr. White Hat", as Poly Network had started to refer to the hacker.
A "white hat" hacker is one who hacks ostensibly for good reasons, in order to expose flaws and corruption.
"After communicating with Mr. White Hat, we have also come to a more complete understanding regarding how the situation unfolded as well as Mr. White Hat's original intention," Poly Network wrote in a statement.
While it's possible that the hacker was doing a good deed, as he claims, many blockchain analysts think it's more likely that he simply found it too difficult to move around the stolen tokens.