Hackers stole $600 million worth of cryptocurrency from Poly Network, a decentralized finance platform. It claims this is the biggest theft in the history of the industry.
A vulnerability in Poly Network allowed the thief to make off with the funds, the platform said Tuesday, begging the attacker to return the money.
“The amount of money you hacked is the biggest one in the defi history,” Poly Network wrote in a letter to the attacker it posted to Twitter. “The money that you stole is from tens to thousands of members of the crypto community… you should speak to us to find a solution.”
Poly Network urged other members of the cryptocurrency ecosystem to “blacklist” the assets coming from addresses used by the attacker to siphon away the funds — which included a mix of various coins including $33 million of Tether, according to Tether’s CTO. Tether later stated that it had frozen the assets within 20 minutes after learning about the attack. The cryptocurrency exchange Binance said it was “coordinating with all our security partners to actively help.” Poly Network connects multiple virtual currencies’ blockchains to enable interoperability.
Poly Network set up several addresses where the hacker could be returned the money after the attack. It appears that the hacker is cooperating. As of 7:47 AM. ET Wednesday, Poly Network said, it had received about $4.7 million back. The hacker’s identity was not immediately known.
By noon, much more money, about $261 million, had been returned, according to the blockchain forensics firm Chainalysis. Chainalysis noted that the attacker claimed to have attacked Poly Network “for fun:)” and that the attack was a challenge.
“I accept the responsibility to expose the vulnerability prior to any insiders hiding or exploiting it!” The attacker wrote. “I was aware of the possibility of being exposed even if it is not my intention to do harm. I used temporary email, IP, or my so-called fingerprint to hide the fact that they were not traceable. I prefer to keep the world in the dark, and help save it.”
Chainalysis stated that once the hack had been exposed, it was impossible for the hacker withdraw funds safely. Every transaction is tracked and recorded.
“With the transparency inherent in blockchains and the eyes from an entire industry watching you, how could any cryptocurrency hackers expect to escape with large amounts of stolen funds?” the company wrote in its report. “In most cases, they can only hope to avoid capture because the funds are frozen in a private blacklisted wallet.”
As investors invest billions in digital currencies, regulators have intensified their scrutiny of crypto platforms. Recently, Senator Elizabeth Warren asked Gary Gensler, Chair of the SEC to examine whether the SEC can oversee trading on cryptocurrency platforms.
Gensler responded last week by saying: “Right now I believe that investors using these platforms do not have adequate protection.”