Heist twist: Hackers steal $600-M of cryptos only to return them later
x

Heist twist: Hackers steal $600-M of cryptos only to return them later

Twitter amused as blockchain protocol Poly Network ‘urges’ hackers to return booty; so, why did the money trickle back later?


Poly Network, a company that specialises in transferring cryptocurrency, fell prey to a digital heist. Hackers allegedly cracked its security system and siphoned off a record amount, estimated at $600 million.

About $267 million of Ethereum, $252 million of Binance coin and $85 million of USDC tokens taken off the system, said media reports citing data from wallet addresses on Twitter. It was reported that the looters had exploited a vulnerability in Poly Network’s security systems.

Poly Network operates a blockchain protocol that helps link blockchains, so that owners of one particular cryptocurrency can trade it for another.

Tuesday’s heist was alleged to be among the largest in the world of cryptos, breaking the earlier record of 2018, when hackers took $530 million off Tokyo-based Bitcoin exchange Coincheck.

Twist in the tale

Then came the twist in the tale. Poly Network posted a formal ‘letter’ to the hackers on Twitter on Tuesday, where it sought communication with them. It further urged them to return the assets. “The money you stole are from tens of thousands of crypto community members, hence the people,” said the letter. “You should talk to us to work out a solution.”

Calling the theft “one of the biggest in the defi history”, it said law enforcement agencies will view it as a major economic offence and pursue the offenders. ‘Defi’ refers to the decentralised finance space Poly Network operates in.

Also read: Replenish ATMs or pay fine for cash-outs from October, RBI tells banks

“We are sorry to announce that #PolyNetwork was attacked,” and assets transferred to hacker-controlled accounts, the company said in a series of tweets, according to an AFP report. The company further posted online addresses used by the hackers, and requested “miners of affected blockchain and crypto exchanges to blacklist tokens” coming from them.

Did the letter work?

The Poly Network ‘letter’ raised much mirth on Twitter. People wondered which thief would go through the trouble of carrying out such an intelligent heist only to return the loot on being asked.

“Imagine successfully stealing over $600m and have the people you stole from think there’s a chance you might be willing to return it with what amounts to a passive-aggressive post-it note on the fridge,” wrote @flippantflaneur.

It may or may not have been the letter, but the stolen cryptocurrency began trickling back into the network.

Initially, around $2 million was returned. The hackers embedded the message “READY TO RETURN THE FUND!” in an ethereum transaction, said a Yahoo report. The return is in progress and can be monitored on the blockchain, it added.

Security concerns

While it is possible that the hackers were just testing the security system on Poly Network, and planned to fully return the money, the incident does throw serious doubts on the viability of cryptocurrency. That the company had to ‘appeal’ to the hackers for want of any other legal recourse itself is alarming, pointed out crypto experts.

Yet, the fact that the loot was returned is encouraging, said some. For one thing, it shows self-regulation in any ecosystem works. Also, the hackers may have found it difficult to use the stolen currency.

“I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” the Yahoo report quoted Tom Robinson, co-founder and chief scientist at Elliptic, a company that specialises in blockchain analytics, as saying.

“In this case the hacker concluded that the safest option was just to return the stolen assets. So, I think that this will actually improve confidence in decentralized finance.”

Read More
Next Story